rpms/autofs/devel autofs-5.0.4-easy-alloca-replacements-fix.patch, NONE, 1.1.2.1 autofs.spec, 1.267, 1.267.2.1
Ian Kent
iankent at fedoraproject.org
Thu Feb 19 06:20:33 UTC 2009
- Previous message (by thread): rpms/koji/F-9 .cvsignore, 1.9, 1.10 koji.spec, 1.11, 1.12 sources, 1.9, 1.10
- Next message (by thread): rpms/hercules/F-10 hercules-3.06-ltdl.patch, NONE, 1.1 hercules-3.06-preproc.patch, NONE, 1.1 .cvsignore, 1.7, 1.8 hercules.spec, 1.22, 1.23 sources, 1.7, 1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: iankent
Update of /cvs/pkgs/rpms/autofs/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5268
Modified Files:
Tag: private-autofs-segv-test-branch
autofs.spec
Added Files:
Tag: private-autofs-segv-test-branch
autofs-5.0.4-easy-alloca-replacements-fix.patch
Log Message:
* Thu Feb 19 2009 Ian Kent <ikent at redhat.com> - 5.0.4-11
- fix array out of bounds accesses and cleanup couple of other alloca() calls.
autofs-5.0.4-easy-alloca-replacements-fix.patch:
--- NEW FILE autofs-5.0.4-easy-alloca-replacements-fix.patch ---
autofs-5.0.4 - easy alloca replacements fix
From: Ian Kent <raven at themaw.net>
Fix array out of bounds accesses and remove alloca(3) calls from
modules/mount_autofs.c and modules/mount_nfs.c as well.
---
CHANGELOG | 1 +
modules/lookup_ldap.c | 3 ---
modules/mount_autofs.c | 11 +++--------
modules/mount_bind.c | 6 +++++-
modules/mount_changer.c | 6 +++++-
modules/mount_ext2.c | 6 +++++-
modules/mount_generic.c | 6 +++++-
modules/mount_nfs.c | 12 +++++++-----
8 files changed, 31 insertions(+), 20 deletions(-)
--- autofs-5.0.4.orig/CHANGELOG
+++ autofs-5.0.4/CHANGELOG
@@ -20,6 +20,7 @@
- update to configure libtirpc if present.
- update to provide ipv6 name and address support.
- update to provide ipv6 address parsing.
+- easy alloca replacements fix.
4/11/2008 autofs-5.0.4
-----------------------
--- autofs-5.0.4.orig/modules/lookup_ldap.c
+++ autofs-5.0.4/modules/lookup_ldap.c
@@ -1474,7 +1474,6 @@ int lookup_read_master(struct master *ma
free(query);
return NSS_STATUS_UNAVAIL;
}
- query[l] = '\0';
/* Initialize the LDAP context. */
ldap = do_reconnect(logopt, ctxt);
@@ -2213,7 +2212,6 @@ static int read_one_map(struct autofs_po
free(sp.query);
return NSS_STATUS_UNAVAIL;
}
- sp.query[l] = '\0';
/* Initialize the LDAP context. */
sp.ldap = do_reconnect(ap->logopt, ctxt);
@@ -2404,7 +2402,6 @@ static int lookup_one(struct autofs_poin
free(query);
return CHE_FAIL;
}
- query[ql] = '\0';
/* Initialize the LDAP context. */
ldap = do_reconnect(ap->logopt, ctxt);
--- autofs-5.0.4.orig/modules/mount_autofs.c
+++ autofs-5.0.4/modules/mount_autofs.c
@@ -45,7 +45,8 @@ int mount_mount(struct autofs_point *ap,
{
struct startup_cond suc;
pthread_t thid;
- char *realpath, *mountpoint;
+ char realpath[PATH_MAX];
+ char mountpoint[PATH_MAX];
const char **argv;
int argc, status, ghost = ap->flags & MOUNT_FLAG_GHOST;
time_t timeout = ap->exp_timeout;
@@ -62,8 +63,6 @@ int mount_mount(struct autofs_point *ap,
/* Root offset of multi-mount */
len = strlen(root);
if (root[len - 1] == '/') {
- realpath = alloca(strlen(ap->path) + name_len + 2);
- mountpoint = alloca(len + 1);
strcpy(realpath, ap->path);
strcat(realpath, "/");
strcat(realpath, name);
@@ -71,8 +70,6 @@ int mount_mount(struct autofs_point *ap,
strncpy(mountpoint, root, len);
mountpoint[len] = '\0';
} else if (*name == '/') {
- realpath = alloca(name_len + 1);
- mountpoint = alloca(len + 1);
if (ap->flags & MOUNT_FLAG_REMOUNT) {
strcpy(mountpoint, name);
strcpy(realpath, name);
@@ -81,12 +78,10 @@ int mount_mount(struct autofs_point *ap,
strcpy(realpath, name);
}
} else {
- realpath = alloca(len + name_len + 2);
- mountpoint = alloca(len + name_len + 2);
strcpy(mountpoint, root);
strcat(mountpoint, "/");
- strcpy(realpath, mountpoint);
strcat(mountpoint, name);
+ strcpy(realpath, mountpoint);
strcat(realpath, name);
}
--- autofs-5.0.4.orig/modules/mount_bind.c
+++ autofs-5.0.4/modules/mount_bind.c
@@ -81,8 +81,12 @@ int mount_mount(struct autofs_point *ap,
len = strlen(root);
if (root[len - 1] == '/') {
len = snprintf(fullpath, len, "%s", root);
- /* Direct mount name is absolute path so don't use root */
} else if (*name == '/') {
+ /*
+ * Direct or offset mount, name is absolute path so
+ * don't use root (but with move mount changes root
+ * is now the same as name).
+ */
len = sprintf(fullpath, "%s", root);
} else {
len = sprintf(fullpath, "%s/%s", root, name);
--- autofs-5.0.4.orig/modules/mount_changer.c
+++ autofs-5.0.4/modules/mount_changer.c
@@ -58,8 +58,12 @@ int mount_mount(struct autofs_point *ap,
len = strlen(root);
if (root[len - 1] == '/') {
len = snprintf(fullpath, len, "%s", root);
- /* Direct mount name is absolute path so don't use root */
} else if (*name == '/') {
+ /*
+ * Direct or offset mount, name is absolute path so
+ * don't use root (but with move mount changes root
+ * is now the same as name).
+ */
len = sprintf(fullpath, "%s", root);
} else {
len = sprintf(fullpath, "%s/%s", root, name);
--- autofs-5.0.4.orig/modules/mount_ext2.c
+++ autofs-5.0.4/modules/mount_ext2.c
@@ -50,8 +50,12 @@ int mount_mount(struct autofs_point *ap,
len = strlen(root);
if (root[len - 1] == '/') {
len = snprintf(fullpath, len, "%s", root);
- /* Direct mount name is absolute path so don't use root */
} else if (*name == '/') {
+ /*
+ * Direct or offset mount, name is absolute path so
+ * don't use root (but with move mount changes root
+ * is now the same as name).
+ */
len = sprintf(fullpath, "%s", root);
} else {
len = sprintf(fullpath, "%s/%s", root, name);
--- autofs-5.0.4.orig/modules/mount_generic.c
+++ autofs-5.0.4/modules/mount_generic.c
@@ -49,8 +49,12 @@ int mount_mount(struct autofs_point *ap,
len = strlen(root);
if (root[len - 1] == '/') {
len = snprintf(fullpath, len, "%s", root);
- /* Direct mount name is absolute path so don't use root */
} else if (*name == '/') {
+ /*
+ * Direct or offset mount, name is absolute path so
+ * don't use root (but with move mount changes root
+ * is now the same as name).
+ */
len = sprintf(fullpath, "%s", root);
} else {
len = sprintf(fullpath, "%s/%s", root, name);
--- autofs-5.0.4.orig/modules/mount_nfs.c
+++ autofs-5.0.4/modules/mount_nfs.c
@@ -58,7 +58,8 @@ int mount_mount(struct autofs_point *ap,
const char *what, const char *fstype, const char *options,
void *context)
{
- char *fullpath, buf[MAX_ERR_BUF];
+ char fullpath[PATH_MAX];
+ char buf[MAX_ERR_BUF];
struct host *this, *hosts = NULL;
unsigned int vers;
char *nfsoptions = NULL;
@@ -150,14 +151,15 @@ int mount_mount(struct autofs_point *ap,
/* Root offset of multi-mount */
len = strlen(root);
if (root[len - 1] == '/') {
- fullpath = alloca(len);
len = snprintf(fullpath, len, "%s", root);
- /* Direct mount name is absolute path so don't use root */
} else if (*name == '/') {
- fullpath = alloca(len + 1);
+ /*
+ * Direct or offset mount, name is absolute path so
+ * don't use root (but with move mount changes root
+ * is now the same as name).
+ */
len = sprintf(fullpath, "%s", root);
} else {
- fullpath = alloca(len + name_len + 2);
len = sprintf(fullpath, "%s/%s", root, name);
}
fullpath[len] = '\0';
Index: autofs.spec
===================================================================
RCS file: /cvs/pkgs/rpms/autofs/devel/autofs.spec,v
retrieving revision 1.267
retrieving revision 1.267.2.1
diff -u -r1.267 -r1.267.2.1
--- autofs.spec 19 Feb 2009 00:15:32 -0000 1.267
+++ autofs.spec 19 Feb 2009 06:20:02 -0000 1.267.2.1
@@ -4,7 +4,7 @@
Summary: A tool for automatically mounting and unmounting filesystems
Name: autofs
Version: 5.0.4
-Release: 10
+Release: 11
Epoch: 1
License: GPLv2+
Group: System Environment/Daemons
@@ -32,6 +32,7 @@
Patch20: autofs-5.0.4-ipv6-name-and-address-support.patch
Patch21: autofs-5.0.4-ipv6-parse.patch
Patch22: autofs-5.0.4-use-CLOEXEC-flag-setmntent-include-fix.patch
+Patch23: autofs-5.0.4-easy-alloca-replacements-fix.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs
Requires: kernel >= 2.6.17
@@ -95,6 +96,7 @@
%patch20 -p1
%patch21 -p1
%patch22 -p1
+%patch23 -p1
%build
#CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@@ -147,6 +149,9 @@
%{_libdir}/autofs/
%changelog
+* Thu Feb 19 2009 Ian Kent <ikent at redhat.com> - 5.0.4-11
+- fix array out of bounds accesses and cleanup couple of other alloca() calls.
+
* Thu Feb 19 2009 Ian Kent <ikent at redhat.com> - 5.0.4-10
- fix mntent.h not included before use of setmntent_r().
- Previous message (by thread): rpms/koji/F-9 .cvsignore, 1.9, 1.10 koji.spec, 1.11, 1.12 sources, 1.9, 1.10
- Next message (by thread): rpms/hercules/F-10 hercules-3.06-ltdl.patch, NONE, 1.1 hercules-3.06-preproc.patch, NONE, 1.1 .cvsignore, 1.7, 1.8 hercules.spec, 1.22, 1.23 sources, 1.7, 1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list