You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
53 lines
1.4 KiB
53 lines
1.4 KiB
7 years ago
|
autofs-5.1.0 - fix buffer size checks in get_network_proximity()
|
||
|
|
|
||
|
|
From: Ian Kent <raven@themaw.net>
|
||
|
|
|
||
|
|
Add several buffer size checks in get_network_proximity().
|
||
|
|
---
|
||
|
|
CHANGELOG | 1 +
|
||
|
|
lib/parse_subs.c | 8 +++++---
|
||
|
|
2 files changed, 6 insertions(+), 3 deletions(-)
|
||
|
|
|
||
|
|
--- autofs-5.0.7.orig/CHANGELOG
|
||
|
|
+++ autofs-5.0.7/CHANGELOG
|
||
|
|
@@ -135,6 +135,7 @@
|
||
|
|
- fix FILE pointer check in defaults_read_config().
|
||
|
|
- fix memory leak in conf_amd_get_log_options().
|
||
|
|
- fix signed comparison in inet_fill_net().
|
||
|
|
+- fix buffer size checks in get_network_proximity().
|
||
|
|
|
||
|
|
25/07/2012 autofs-5.0.7
|
||
|
|
=======================
|
||
|
|
--- autofs-5.0.7.orig/lib/parse_subs.c
|
||
|
|
+++ autofs-5.0.7/lib/parse_subs.c
|
||
|
|
@@ -437,7 +437,7 @@ unsigned int get_network_proximity(const
|
||
|
|
{
|
||
|
|
struct addrinfo hints;
|
||
|
|
struct addrinfo *ni, *this;
|
||
|
|
- char name_or_num[NI_MAXHOST];
|
||
|
|
+ char name_or_num[NI_MAXHOST + 1];
|
||
|
|
unsigned int proximity;
|
||
|
|
char *net;
|
||
|
|
int ret;
|
||
|
|
@@ -449,16 +449,18 @@ unsigned int get_network_proximity(const
|
||
|
|
if (net)
|
||
|
|
strcpy(name_or_num, net);
|
||
|
|
else {
|
||
|
|
- char this[NI_MAXHOST];
|
||
|
|
+ char this[NI_MAXHOST + 1];
|
||
|
|
char *mask;
|
||
|
|
|
||
|
|
+ if (strlen(name) > NI_MAXHOST)
|
||
|
|
+ return PROXIMITY_ERROR;
|
||
|
|
strcpy(this, name);
|
||
|
|
if ((mask = strchr(this, '/')))
|
||
|
|
*mask++ = '\0';
|
||
|
|
if (!strchr(this, '.'))
|
||
|
|
strcpy(name_or_num, this);
|
||
|
|
else {
|
||
|
|
- char buf[NI_MAXHOST], *new;
|
||
|
|
+ char buf[NI_MAXHOST + 1], *new;
|
||
|
|
new = inet_fill_net(this, buf);
|
||
|
|
if (!new)
|
||
|
|
return PROXIMITY_ERROR;
|