topaLE
/
ni-buildsystem
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1961 Commits
1 Branch
7 Tags
29 MiB
 
 
 
 
 
 
Tree: 9674d9c529
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9674d9c529'
${ noResults }
ni-buildsystem/package/autofs/patches/autofs-5.1.7-add-mapent-pat...

60 lines
1.9 KiB
Raw Blame History

autofs-5.1.7 - add mapent path length check in handle_packet_expire_direct()
From: Ian Kent <raven@themaw.net>
Since direct mount expire requests from the kernel need to look up their
map entry and copy the path to a request processing struct fix length
char array the copy length should be checked.
Signed-off-by: Ian Kent <raven@themaw.net>
---
CHANGELOG | 1 +
daemon/direct.c | 12 ++++++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 0dac7318..5fdb4c0a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -83,6 +83,7 @@
- use default stack size for threads.
- fix use of possibly NULL var in lookup_program.c:match_key().
- fix incorrect print format specifiers in get_pkt().
+- add mapent path length check in handle_packet_expire_direct().
25/01/2021 autofs-5.1.7
- make bind mounts propagation slave by default.
diff --git a/daemon/direct.c b/daemon/direct.c
index d37dd676..4a56486b 100644
--- a/daemon/direct.c
+++ b/daemon/direct.c
@@ -1039,13 +1039,18 @@ int handle_packet_expire_direct(struct autofs_point *ap, autofs_packet_expire_di
map = map->next;
}
- if (!me) {
+ if (!me || me->len >= PATH_MAX) {
/*
* Shouldn't happen as we have been sent this following
* successful thread creation and lookup.
*/
- crit(ap->logopt, "can't find map entry for (%lu,%lu)",
- (unsigned long) pkt->dev, (unsigned long) pkt->ino);
+ if (!me)
+ crit(ap->logopt, "can't find map entry for (%lu,%lu)",
+ (unsigned long) pkt->dev, (unsigned long) pkt->ino);
+ else {
+ cache_unlock(mc);
+ crit(ap->logopt, "lookup key is too long");
+ }
master_source_unlock(ap->entry);
pthread_setcancelstate(state, NULL);
return 1;
@@ -1091,7 +1096,6 @@ int handle_packet_expire_direct(struct autofs_point *ap, autofs_packet_expire_di
mt->ap = ap;
mt->ioctlfd = me->ioctlfd;
mt->mc = mc;
- /* TODO: check length here */
strcpy(mt->name, me->key);
mt->dev = me->dev;
mt->type = NFY_EXPIRE;