|
Ian Kent |
239613 |
autofs-5.0.3 - check direct mount path length
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
From: Ian Kent <raven@themaw.net>
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
The length of the path corresponding to a direct mount can't be
|
|
Ian Kent |
239613 |
checked in the kernel so we need to check it will fit into the
|
|
Ian Kent |
239613 |
request structire before going ahead with the mount. The name
|
|
Ian Kent |
239613 |
field of the request structure is also to short and so is increased
|
|
Ian Kent |
239613 |
to PATH_MAX.
|
|
Ian Kent |
239613 |
---
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
CHANGELOG | 1 +
|
|
Ian Kent |
239613 |
daemon/direct.c | 15 +++++++++++++--
|
|
Ian Kent |
239613 |
include/automount.h | 2 +-
|
|
Ian Kent |
239613 |
3 files changed, 15 insertions(+), 3 deletions(-)
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
diff --git a/CHANGELOG b/CHANGELOG
|
|
Ian Kent |
239613 |
index 2553f26..82b080c 100644
|
|
Ian Kent |
239613 |
--- a/CHANGELOG
|
|
Ian Kent |
239613 |
+++ b/CHANGELOG
|
|
Ian Kent |
239613 |
@@ -20,6 +20,7 @@
|
|
Ian Kent |
239613 |
- eliminate redundant DNS name lookups.
|
|
Ian Kent |
239613 |
- additional fix incorrect pthreads condition handling for mount requests.
|
|
Ian Kent |
239613 |
- allow mount point directory creation for clients with an NFS root.
|
|
Ian Kent |
239613 |
+- fix direct mount path length not being checked.
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
14/01/2008 autofs-5.0.3
|
|
Ian Kent |
239613 |
-----------------------
|
|
Ian Kent |
239613 |
diff --git a/daemon/direct.c b/daemon/direct.c
|
|
Ian Kent |
239613 |
index 768fbf9..98590ec 100644
|
|
Ian Kent |
239613 |
--- a/daemon/direct.c
|
|
Ian Kent |
239613 |
+++ b/daemon/direct.c
|
|
Ian Kent |
239613 |
@@ -1411,7 +1411,7 @@ static void *do_mount_direct(void *arg)
|
|
Ian Kent |
239613 |
}
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
cont:
|
|
Ian Kent |
239613 |
- status = lookup_nss_mount(ap, NULL, mt.name, strlen(mt.name));
|
|
Ian Kent |
239613 |
+ status = lookup_nss_mount(ap, NULL, mt.name, mt.len);
|
|
Ian Kent |
239613 |
/*
|
|
Ian Kent |
239613 |
* Direct mounts are always a single mount. If it fails there's
|
|
Ian Kent |
239613 |
* nothing to undo so just complain
|
|
Ian Kent |
239613 |
@@ -1454,7 +1454,7 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_
|
|
Ian Kent |
239613 |
struct pending_args *mt;
|
|
Ian Kent |
239613 |
char buf[MAX_ERR_BUF];
|
|
Ian Kent |
239613 |
int status = 0;
|
|
Ian Kent |
239613 |
- int ioctlfd, cl_flags, state;
|
|
Ian Kent |
239613 |
+ int ioctlfd, len, cl_flags, state;
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &state);
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
@@ -1525,6 +1525,16 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_
|
|
Ian Kent |
239613 |
return 1;
|
|
Ian Kent |
239613 |
}
|
|
Ian Kent |
239613 |
|
|
Ian Kent |
239613 |
+ len = strlen(me->key);
|
|
Ian Kent |
239613 |
+ if (len >= PATH_MAX) {
|
|
Ian Kent |
239613 |
+ error(ap->logopt, "direct mount path too long %s", me->key);
|
|
Ian Kent |
239613 |
+ send_fail(ap->logopt, ioctlfd, pkt->wait_queue_token);
|
|
Ian Kent |
239613 |
+ close(ioctlfd);
|
|
Ian Kent |
239613 |
+ cache_unlock(mc);
|
|
Ian Kent |
239613 |
+ pthread_setcancelstate(state, NULL);
|
|
Ian Kent |
239613 |
+ return 1;
|
|
Ian Kent |
239613 |
+ }
|
|
Ian Kent |
239613 |
+
|
|
Ian Kent |
239613 |
mt = malloc(sizeof(struct pending_args));
|
|
Ian Kent |
239613 |
if (!mt) {
|
|
Ian Kent |
239613 |
char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
Ian Kent |
239613 |
@@ -1553,6 +1563,7 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_
|
|
Ian Kent |
239613 |
mt->ioctlfd = ioctlfd;
|
|
Ian Kent |
239613 |
mt->mc = mc;
|
|
Ian Kent |
239613 |
strcpy(mt->name, me->key);
|
|
Ian Kent |
239613 |
+ mt->len = len;
|
|
Ian Kent |
239613 |
mt->dev = me->dev;
|
|
Ian Kent |
239613 |
mt->type = NFY_MOUNT;
|
|
Ian Kent |
239613 |
mt->uid = pkt->uid;
|
|
Ian Kent |
239613 |
diff --git a/include/automount.h b/include/automount.h
|
|
Ian Kent |
239613 |
index d59be77..72e2457 100644
|
|
Ian Kent |
239613 |
--- a/include/automount.h
|
|
Ian Kent |
239613 |
+++ b/include/automount.h
|
|
Ian Kent |
239613 |
@@ -409,7 +409,7 @@ struct pending_args {
|
|
Ian Kent |
239613 |
int type; /* Type of packet */
|
|
Ian Kent |
239613 |
int ioctlfd; /* Mount ioctl fd */
|
|
Ian Kent |
239613 |
struct mapent_cache *mc; /* Cache Containing entry */
|
|
Ian Kent |
239613 |
- char name[KEY_MAX_LEN]; /* Name field of the request */
|
|
Ian Kent |
239613 |
+ char name[PATH_MAX]; /* Name field of the request */
|
|
Ian Kent |
239613 |
dev_t dev; /* device number of mount */
|
|
Ian Kent |
239613 |
unsigned int len; /* Name field len */
|
|
Ian Kent |
239613 |
uid_t uid; /* uid of requestor */
|