rpms / autofs

Clone
Source Code
GIT

Blame autofs-5.1.0-fix-buffer-size-checks-in-get_network_proximity.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master origin/f14/master private-autofs-segv-test-branch private-cthon-branch private-map-expiry-branch
  1.   9f2c4cf3c9e27f6755edc117fc087d9bdd3b53df
  2.   autofs-5.1.0-fix-buffer-size-checks-in-get_network_proximity.patch
Blob History Raw
Ian Kent ff6f3e 
autofs-5.1.0 - fix buffer size checks in get_network_proximity()
Ian Kent ff6f3e
Ian Kent ff6f3e 
From: Ian Kent <raven@themaw.net>
Ian Kent ff6f3e
Ian Kent ff6f3e 
Add several buffer size checks in get_network_proximity().
Ian Kent ff6f3e 
---
Ian Kent ff6f3e 
 CHANGELOG        |    1 +
Ian Kent ff6f3e 
 lib/parse_subs.c |    8 +++++---
Ian Kent ff6f3e 
 2 files changed, 6 insertions(+), 3 deletions(-)
Ian Kent ff6f3e
Ian Kent ff6f3e 
diff --git a/CHANGELOG b/CHANGELOG
Ian Kent ff6f3e 
index 6977443..86166d7 100644
Ian Kent ff6f3e 
--- a/CHANGELOG
Ian Kent ff6f3e 
+++ b/CHANGELOG
Ian Kent ff6f3e 
@@ -10,6 +10,7 @@
Ian Kent ff6f3e 
 - fix FILE pointer check in defaults_read_config().
Ian Kent ff6f3e 
 - fix memory leak in conf_amd_get_log_options().
Ian Kent ff6f3e 
 - fix signed comparison in inet_fill_net().
Ian Kent ff6f3e 
+- fix buffer size checks in get_network_proximity().
Ian Kent ff6f3e
Ian Kent ff6f3e 
 04/06/2014 autofs-5.1.0
Ian Kent ff6f3e 
 =======================
Ian Kent ff6f3e 
diff --git a/lib/parse_subs.c b/lib/parse_subs.c
Ian Kent ff6f3e 
index c1648c2..9af5106 100644
Ian Kent ff6f3e 
--- a/lib/parse_subs.c
Ian Kent ff6f3e 
+++ b/lib/parse_subs.c
Ian Kent ff6f3e 
@@ -437,7 +437,7 @@ unsigned int get_network_proximity(const char *name)
Ian Kent ff6f3e 
 {
Ian Kent ff6f3e 
 	struct addrinfo hints;
Ian Kent ff6f3e 
 	struct addrinfo *ni, *this;
Ian Kent ff6f3e 
-	char name_or_num[NI_MAXHOST];
Ian Kent ff6f3e 
+	char name_or_num[NI_MAXHOST + 1];
Ian Kent ff6f3e 
 	unsigned int proximity;
Ian Kent ff6f3e 
 	char *net;
Ian Kent ff6f3e 
 	int ret;
Ian Kent ff6f3e 
@@ -449,16 +449,18 @@ unsigned int get_network_proximity(const char *name)
Ian Kent ff6f3e 
 	if (net)
Ian Kent ff6f3e 
 		strcpy(name_or_num, net);
Ian Kent ff6f3e 
 	else {
Ian Kent ff6f3e 
-		char this[NI_MAXHOST];
Ian Kent ff6f3e 
+		char this[NI_MAXHOST + 1];
Ian Kent ff6f3e 
 		char *mask;
Ian Kent ff6f3e
Ian Kent ff6f3e 
+		if (strlen(name) > NI_MAXHOST)
Ian Kent ff6f3e 
+			return PROXIMITY_ERROR;
Ian Kent ff6f3e 
 		strcpy(this, name);
Ian Kent ff6f3e 
 		if ((mask = strchr(this, '/')))
Ian Kent ff6f3e 
 			*mask++ = '\0';
Ian Kent ff6f3e 
 		if (!strchr(this, '.'))
Ian Kent ff6f3e 
 			strcpy(name_or_num, this);
Ian Kent ff6f3e 
 		else {
Ian Kent ff6f3e 
-			char buf[NI_MAXHOST], *new;
Ian Kent ff6f3e 
+			char buf[NI_MAXHOST + 1], *new;
Ian Kent ff6f3e 
 			new = inet_fill_net(this, buf);
Ian Kent ff6f3e 
 			if (!new)
Ian Kent ff6f3e 
 				return PROXIMITY_ERROR;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation