ni-buildsystem/package/autofs/patches/autofs-5.1.7-add-copy-lengt...

autofs-5.1.7 - add copy length check in umount_autofs_indirect()

From: Ian Kent <raven@themaw.net>

Add a source length check before copying to a work buffer in
umount_autofs_indirect().

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG         |    1 +
 daemon/indirect.c |   13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 5fdb4c0a..be0b9d85 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -84,6 +84,7 @@
 - fix use of possibly NULL var in lookup_program.c:match_key().
 - fix incorrect print format specifiers in get_pkt().
 - add mapent path length check in handle_packet_expire_direct().
+- add copy length check in umount_autofs_indirect().
 
 25/01/2021 autofs-5.1.7
 - make bind mounts propagation slave by default.
diff --git a/daemon/indirect.c b/daemon/indirect.c
index 9f2ca6a0..b73c2781 100644
--- a/daemon/indirect.c
+++ b/daemon/indirect.c
@@ -238,10 +238,19 @@ int umount_autofs_indirect(struct autofs_point *ap, const char *root)
 	int rv, retries;
 	unsigned int unused;
 
-	if (root)
+	if (root) {
+		if (strlen(root) > PATH_MAX) {
+			error(ap->logopt, "mountpoint path too long");
+			return 1;
+		}
 		strcpy(mountpoint, root);
-	else
+	} else {
+		if (ap->len > PATH_MAX) {
+			error(ap->logopt, "mountpoint path too long");
+			return 1;
+		}
 		strcpy(mountpoint, ap->path);
+	}
 
 	/* If we are trying to shutdown make sure we can umount */
 	rv = ops->askumount(ap->logopt, ap->ioctlfd, &unused);
- autofs: update patchset 2 years ago			`autofs-5.1.7 - add copy length check in umount_autofs_indirect()`

			`From: Ian Kent <raven@themaw.net>`

			`Add a source length check before copying to a work buffer in`
			`umount_autofs_indirect().`

			`Signed-off-by: Ian Kent <raven@themaw.net>`
			`---`
			`CHANGELOG \| 1 +`
			`daemon/indirect.c \| 13 +++++++++++--`
			`2 files changed, 12 insertions(+), 2 deletions(-)`

			`diff --git a/CHANGELOG b/CHANGELOG`
			`index 5fdb4c0a..be0b9d85 100644`
			`--- a/CHANGELOG`
			`+++ b/CHANGELOG`
			`@@ -84,6 +84,7 @@`
			`- fix use of possibly NULL var in lookup_program.c:match_key().`
			`- fix incorrect print format specifiers in get_pkt().`
			`- add mapent path length check in handle_packet_expire_direct().`
			`+- add copy length check in umount_autofs_indirect().`

			`25/01/2021 autofs-5.1.7`
			`- make bind mounts propagation slave by default.`
			`diff --git a/daemon/indirect.c b/daemon/indirect.c`
			`index 9f2ca6a0..b73c2781 100644`
			`--- a/daemon/indirect.c`
			`+++ b/daemon/indirect.c`
			`@@ -238,10 +238,19 @@ int umount_autofs_indirect(struct autofs_point ap, const char root)`
			`int rv, retries;`
			`unsigned int unused;`

			`- if (root)`
			`+ if (root) {`
			`+ if (strlen(root) > PATH_MAX) {`
			`+ error(ap->logopt, "mountpoint path too long");`
			`+ return 1;`
			`+ }`
			`strcpy(mountpoint, root);`
			`- else`
			`+ } else {`
			`+ if (ap->len > PATH_MAX) {`
			`+ error(ap->logopt, "mountpoint path too long");`
			`+ return 1;`
			`+ }`
			`strcpy(mountpoint, ap->path);`
			`+ }`

			`/* If we are trying to shutdown make sure we can umount */`
			`rv = ops->askumount(ap->logopt, ap->ioctlfd, &unused);`