autofs-5.0.6 - fix segfault in get_query_dn()

From: Leonardo Chiquitto <leonardo.lists@gmail.com>

Automount will segfault when two threads run get_query_dn()

simultaneously and $SEARCH_BASE is defined in sysconfig.

This happens because a thread tries to dereference ctxt->sdns

while another thread running the same function frees the

memory.

I believe we don't need to reread $SEARCH_BASE every time

get_query_dn() is called.

edit: Ian Kent <raven@themaw.net>

move the read of configured search dns to lookup_init().

edit end

---

 modules/lookup_ldap.c |   13 +++----------

 1 file changed, 3 insertions(+), 10 deletions(-)

--- autofs-5.0.6.orig/modules/lookup_ldap.c

+++ autofs-5.0.6/modules/lookup_ldap.c

@@ -281,7 +281,6 @@ static int get_query_dn(unsigned logopt,

 	char buf[MAX_ERR_BUF];

 	char *query, *dn, *qdn;

 	LDAPMessage *result, *e;

-	struct ldap_searchdn *sdns = NULL;

 	char *attrs[2];

 	struct berval **value;

 	int scope;

@@ -330,15 +329,6 @@ static int get_query_dn(unsigned logopt,

 		scope = LDAP_SCOPE_SUBTREE;

 	}

-	if (!ctxt->base) {

-		sdns = defaults_get_searchdns();

-		if (sdns) {

-			if (ctxt->sdns)

-				defaults_free_searchdns(ctxt->sdns);

-			ctxt->sdns = sdns;

-		}

-	}

-

 	dn = NULL;

 	if (!ctxt->sdns) {

 		rv = ldap_search_s(ldap, ctxt->base,

@@ -1467,6 +1457,9 @@ int lookup_init(const char *mapfmt, int

 		return 1;

 	}

+	if (!ctxt->base)

+		ctxt->sdns = defaults_get_searchdns();

+

 	ctxt->timeout = defaults_get_ldap_timeout();

 	ctxt->network_timeout = defaults_get_ldap_network_timeout();