From 81fa6885ac34de0ca26ddd4b3026daefff4d310b Mon Sep 17 00:00:00 2001 From: Ian Kent Date: Aug 17 2018 01:10:17 +0000 Subject: - fix use after free in parse_ldap_config() (bug 1617987). --- diff --git a/autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch b/autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch new file mode 100644 index 0000000..32be56e --- /dev/null +++ b/autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch @@ -0,0 +1,34 @@ +autofs-5.1.4 - fix use after free in parse_ldap_config() + +From: Ian Kent + +Commit a4a2af5f30 (covarity fixes) incorrecly frees local variable +authtype after assigning it to a lookup context structure member. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_ldap.c | 2 -- + 2 files changed, 1 insertion(+), 2 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -30,6 +30,7 @@ xx/xx/2018 autofs-5.1.5 + - fix age setting at startup. + - fix update_negative_cache() map source usage. + - fix program usage message. ++- fix use after free in parse_ldap_config(). + + 19/12/2017 autofs-5.1.4 + - fix spec file url. +--- autofs-5.1.4.orig/modules/lookup_ldap.c ++++ autofs-5.1.4/modules/lookup_ldap.c +@@ -1383,8 +1383,6 @@ auth_fail: + user, secret ? "specified" : "unspecified", + client_princ, client_cc); + } +- if (authtype) +- free(authtype); + out: + xmlFreeDoc(doc); + if (auth_conf) diff --git a/autofs.spec b/autofs.spec index 38e3a1a..f794988 100644 --- a/autofs.spec +++ b/autofs.spec @@ -8,7 +8,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.1.4 -Release: 19%{?dist} +Release: 20%{?dist} Epoch: 1 License: GPLv2+ Group: System Environment/Daemons @@ -44,6 +44,7 @@ Patch28: autofs-5.1.4-covarity-fixes-1.patch Patch29: autofs-5.1.4-fix-age-setting-at-startup.patch Patch30: autofs-5.1.4-fix-update_negative_cache-map-source-usage.patch Patch31: autofs-5.1.4-fix-program-usage-message.patch +Patch32: autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch %if %{with_systemd} BuildRequires: systemd-units @@ -135,6 +136,7 @@ echo %{version}-%{release} > .version %patch29 -p1 %patch30 -p1 %patch31 -p1 +%patch32 -p1 %build LDFLAGS=-Wl,-z,now @@ -229,6 +231,9 @@ fi %dir /etc/auto.master.d %changelog +* Fri Aug 17 2018 Ian Kent - 1:5.1.4-20 +- fix use after free in parse_ldap_config(). + * Mon Aug 06 2018 Ian Kent - 1:5.1.4-19 - add-man page note about extra slashes in paths. - covarity fixes.