base/SOURCES/autofs-5.1.0-add-a-prefix-t...

autofs-5.1.0 - add a prefix to program map stdvars

From: Ian Kent <ikent@redhat.com>

When a program map uses an interpreted languages like python it's
possible to load and execute arbitray code from a user home directory.
This is because the standard environment variables are used to locate
and load modules when using these languages.

To avoid that we need to add a prefix to these environment names so
they aren't used for this purpose. The prefix used is "AUTOFS_" and
is not configurable.
---
 CHANGELOG                |    1 
 include/mounts.h         |    4 +-
 lib/mounts.c             |   84 +++++++++++++++++++++++++++++++++++++++--------
 modules/lookup_program.c |    2 -
 modules/parse_sun.c      |    8 ++--
 5 files changed, 78 insertions(+), 21 deletions(-)

--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -162,6 +162,7 @@
 - make negative cache update consistent for all lookup modules.
 - ensure negative cache isn't updated on remount.
 - dont add wildcard to negative cache.
+- add a prefix to program map stdvars.
 
 25/07/2012 autofs-5.0.7
 =======================
--- autofs-5.0.7.orig/include/mounts.h
+++ autofs-5.0.7/include/mounts.h
@@ -87,8 +87,8 @@ extern unsigned int nfs_mount_uses_strin
 
 struct amd_entry;
 
-struct substvar *addstdenv(struct substvar *sv);
-struct substvar *removestdenv(struct substvar *sv);
+struct substvar *addstdenv(struct substvar *sv, const char *prefix);
+struct substvar *removestdenv(struct substvar *sv, const char *prefix);
 void add_std_amd_vars(struct substvar *sv);
 void remove_std_amd_vars(void);
 struct amd_entry *new_amd_entry(const struct substvar *sv);
--- autofs-5.0.7.orig/lib/mounts.c
+++ autofs-5.0.7/lib/mounts.c
@@ -32,6 +32,7 @@
 
 #define MAX_OPTIONS_LEN		80
 #define MAX_MNT_NAME_LEN	30
+#define MAX_ENV_NAME		15
 
 #define EBUFSIZ 1024
 
@@ -328,7 +329,61 @@ int check_nfs_mount_version(struct nfs_m
 }
 #endif
 
-struct substvar *addstdenv(struct substvar *sv)
+static char *set_env_name(const char *prefix, const char *name, char *buf)
+{
+	size_t len;
+
+	len = strlen(name);
+	if (prefix)
+		len += strlen(prefix);
+	len++;
+
+	if (len > MAX_ENV_NAME)
+		return NULL;
+
+	if (!prefix)
+		strcpy(buf, name);
+	else {
+		strcpy(buf, prefix);
+		strcat(buf, name);
+	}
+	return buf;
+}
+
+static struct substvar *do_macro_addvar(struct substvar *list,
+					const char *prefix,
+					const char *name,
+					const char *val)
+{
+	char buf[MAX_ENV_NAME + 1];
+	char *new;
+	size_t len;
+
+	new = set_env_name(prefix, name, buf);
+	if (new) {
+		len = strlen(new);
+		list = macro_addvar(list, new, len, val);
+	}
+	return list;
+}
+
+static struct substvar *do_macro_removevar(struct substvar *list,
+					   const char *prefix,
+					   const char *name)
+{
+	char buf[MAX_ENV_NAME + 1];
+	char *new;
+	size_t len;
+
+	new = set_env_name(prefix, name, buf);
+	if (new) {
+		len = strlen(new);
+		list = macro_removevar(list, new, len);
+	}
+	return list;
+}
+
+struct substvar *addstdenv(struct substvar *sv, const char *prefix)
 {
 	struct substvar *list = sv;
 	struct thread_stdenv_vars *tsv;
@@ -343,14 +398,14 @@ struct substvar *addstdenv(struct substv
 		num = (long) tsv->uid;
 		ret = sprintf(numbuf, "%ld", num);
 		if (ret > 0)
-			list = macro_addvar(list, "UID", 3, numbuf);
+			list = do_macro_addvar(list, prefix, "UID", numbuf);
 		num = (long) tsv->gid;
 		ret = sprintf(numbuf, "%ld", num);
 		if (ret > 0)
-			list = macro_addvar(list, "GID", 3, numbuf);
-		list = macro_addvar(list, "USER", 4, tsv->user);
-		list = macro_addvar(list, "GROUP", 5, tsv->group);
-		list = macro_addvar(list, "HOME", 4, tsv->home);
+			list = do_macro_addvar(list, prefix, "GID", numbuf);
+		list = do_macro_addvar(list, prefix, "USER", tsv->user);
+		list = do_macro_addvar(list, prefix, "GROUP", tsv->group);
+		list = do_macro_addvar(list, prefix, "HOME", tsv->home);
 		mv = macro_findvar(list, "HOST", 4);
 		if (mv) {
 			char *shost = strdup(mv->val);
@@ -358,7 +413,8 @@ struct substvar *addstdenv(struct substv
 				char *dot = strchr(shost, '.');
 				if (dot)
 					*dot = '\0';
-				list = macro_addvar(list, "SHOST", 5, shost);
+				list = do_macro_addvar(list,
+						       prefix, "SHOST", shost);
 				free(shost);
 			}
 		}
@@ -366,16 +422,16 @@ struct substvar *addstdenv(struct substv
 	return list;
 }
 
-struct substvar *removestdenv(struct substvar *sv)
+struct substvar *removestdenv(struct substvar *sv, const char *prefix)
 {
 	struct substvar *list = sv;
 
-	list = macro_removevar(list, "UID", 3);
-	list = macro_removevar(list, "USER", 4);
-	list = macro_removevar(list, "HOME", 4);
-	list = macro_removevar(list, "GID", 3);
-	list = macro_removevar(list, "GROUP", 5);
-	list = macro_removevar(list, "SHOST", 5);
+	list = do_macro_removevar(list, prefix, "UID");
+	list = do_macro_removevar(list, prefix, "USER");
+	list = do_macro_removevar(list, prefix, "HOME");
+	list = do_macro_removevar(list, prefix, "GID");
+	list = do_macro_removevar(list, prefix, "GROUP");
+	list = do_macro_removevar(list, prefix, "SHOST");
 	return list;
 }
 
--- autofs-5.0.7.orig/modules/lookup_program.c
+++ autofs-5.0.7/modules/lookup_program.c
@@ -181,7 +181,7 @@ static char *lookup_one(struct autofs_po
 		if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
 			struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
 			/* Add standard environment as seen by sun map parser */
-			pctxt->subst = addstdenv(pctxt->subst);
+			pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
 			macro_setenv(pctxt->subst);
 		}
 		execl(ctxt->mapname, ctxt->mapname, name, NULL);
--- autofs-5.0.7.orig/modules/parse_sun.c
+++ autofs-5.0.7/modules/parse_sun.c
@@ -1214,12 +1214,12 @@ int parse_mount(struct autofs_point *ap,
 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
 	macro_lock();
 
-	ctxt->subst = addstdenv(ctxt->subst);
+	ctxt->subst = addstdenv(ctxt->subst, NULL);
 
 	mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify);
 	if (mapent_len == 0) {
 		error(ap->logopt, MODPREFIX "failed to expand map entry");
-		ctxt->subst = removestdenv(ctxt->subst);
+		ctxt->subst = removestdenv(ctxt->subst, NULL);
 		macro_unlock();
 		pthread_setcancelstate(cur_state, NULL);
 		return 1;
@@ -1229,7 +1229,7 @@ int parse_mount(struct autofs_point *ap,
 	if (!pmapent) {	
 		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
 		logerr(MODPREFIX "alloca: %s", estr);
-		ctxt->subst = removestdenv(ctxt->subst);
+		ctxt->subst = removestdenv(ctxt->subst, NULL);
 		macro_unlock();
 		pthread_setcancelstate(cur_state, NULL);
 		return 1;
@@ -1237,7 +1237,7 @@ int parse_mount(struct autofs_point *ap,
 	pmapent[mapent_len] = '\0';
 
 	expandsunent(mapent, pmapent, name, ctxt->subst, slashify);
-	ctxt->subst = removestdenv(ctxt->subst);
+	ctxt->subst = removestdenv(ctxt->subst, NULL);
 
 	macro_unlock();
 	pthread_setcancelstate(cur_state, NULL);
autofs package update Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org> 7 years ago			`autofs-5.1.0 - add a prefix to program map stdvars`

			`From: Ian Kent <ikent@redhat.com>`

			`When a program map uses an interpreted languages like python it's`
			`possible to load and execute arbitray code from a user home directory.`
			`This is because the standard environment variables are used to locate`
			`and load modules when using these languages.`

			`To avoid that we need to add a prefix to these environment names so`
			`they aren't used for this purpose. The prefix used is "AUTOFS_" and`
			`is not configurable.`
			`---`
			`CHANGELOG \| 1`
			`include/mounts.h \| 4 +-`
			`lib/mounts.c \| 84 +++++++++++++++++++++++++++++++++++++++--------`
			`modules/lookup_program.c \| 2 -`
			`modules/parse_sun.c \| 8 ++--`
			`5 files changed, 78 insertions(+), 21 deletions(-)`

			`--- autofs-5.0.7.orig/CHANGELOG`
			`+++ autofs-5.0.7/CHANGELOG`
			`@@ -162,6 +162,7 @@`
			`- make negative cache update consistent for all lookup modules.`
			`- ensure negative cache isn't updated on remount.`
			`- dont add wildcard to negative cache.`
			`+- add a prefix to program map stdvars.`

			`25/07/2012 autofs-5.0.7`
			`=======================`
			`--- autofs-5.0.7.orig/include/mounts.h`
			`+++ autofs-5.0.7/include/mounts.h`
			`@@ -87,8 +87,8 @@ extern unsigned int nfs_mount_uses_strin`

			`struct amd_entry;`

			`-struct substvar addstdenv(struct substvar sv);`
			`-struct substvar removestdenv(struct substvar sv);`
			`+struct substvar addstdenv(struct substvar sv, const char *prefix);`
			`+struct substvar removestdenv(struct substvar sv, const char *prefix);`
			`void add_std_amd_vars(struct substvar *sv);`
			`void remove_std_amd_vars(void);`
			`struct amd_entry new_amd_entry(const struct substvar sv);`
			`--- autofs-5.0.7.orig/lib/mounts.c`
			`+++ autofs-5.0.7/lib/mounts.c`
			`@@ -32,6 +32,7 @@`

			`#define MAX_OPTIONS_LEN 80`
			`#define MAX_MNT_NAME_LEN 30`
			`+#define MAX_ENV_NAME 15`

			`#define EBUFSIZ 1024`

			`@@ -328,7 +329,61 @@ int check_nfs_mount_version(struct nfs_m`
			`}`
			`#endif`

			`-struct substvar addstdenv(struct substvar sv)`
			`+static char set_env_name(const char prefix, const char name, char buf)`
			`+{`
			`+ size_t len;`
			`+`
			`+ len = strlen(name);`
			`+ if (prefix)`
			`+ len += strlen(prefix);`
			`+ len++;`
			`+`
			`+ if (len > MAX_ENV_NAME)`
			`+ return NULL;`
			`+`
			`+ if (!prefix)`
			`+ strcpy(buf, name);`
			`+ else {`
			`+ strcpy(buf, prefix);`
			`+ strcat(buf, name);`
			`+ }`
			`+ return buf;`
			`+}`
			`+`
			`+static struct substvar do_macro_addvar(struct substvar list,`
			`+ const char *prefix,`
			`+ const char *name,`
			`+ const char *val)`
			`+{`
			`+ char buf[MAX_ENV_NAME + 1];`
			`+ char *new;`
			`+ size_t len;`
			`+`
			`+ new = set_env_name(prefix, name, buf);`
			`+ if (new) {`
			`+ len = strlen(new);`
			`+ list = macro_addvar(list, new, len, val);`
			`+ }`
			`+ return list;`
			`+}`
			`+`
			`+static struct substvar do_macro_removevar(struct substvar list,`
			`+ const char *prefix,`
			`+ const char *name)`
			`+{`
			`+ char buf[MAX_ENV_NAME + 1];`
			`+ char *new;`
			`+ size_t len;`
			`+`
			`+ new = set_env_name(prefix, name, buf);`
			`+ if (new) {`
			`+ len = strlen(new);`
			`+ list = macro_removevar(list, new, len);`
			`+ }`
			`+ return list;`
			`+}`
			`+`
			`+struct substvar addstdenv(struct substvar sv, const char *prefix)`
			`{`
			`struct substvar *list = sv;`
			`struct thread_stdenv_vars *tsv;`
			`@@ -343,14 +398,14 @@ struct substvar *addstdenv(struct substv`
			`num = (long) tsv->uid;`
			`ret = sprintf(numbuf, "%ld", num);`
			`if (ret > 0)`
			`- list = macro_addvar(list, "UID", 3, numbuf);`
			`+ list = do_macro_addvar(list, prefix, "UID", numbuf);`
			`num = (long) tsv->gid;`
			`ret = sprintf(numbuf, "%ld", num);`
			`if (ret > 0)`
			`- list = macro_addvar(list, "GID", 3, numbuf);`
			`- list = macro_addvar(list, "USER", 4, tsv->user);`
			`- list = macro_addvar(list, "GROUP", 5, tsv->group);`
			`- list = macro_addvar(list, "HOME", 4, tsv->home);`
			`+ list = do_macro_addvar(list, prefix, "GID", numbuf);`
			`+ list = do_macro_addvar(list, prefix, "USER", tsv->user);`
			`+ list = do_macro_addvar(list, prefix, "GROUP", tsv->group);`
			`+ list = do_macro_addvar(list, prefix, "HOME", tsv->home);`
			`mv = macro_findvar(list, "HOST", 4);`
			`if (mv) {`
			`char *shost = strdup(mv->val);`
			`@@ -358,7 +413,8 @@ struct substvar *addstdenv(struct substv`
			`char *dot = strchr(shost, '.');`
			`if (dot)`
			`*dot = '\0';`
			`- list = macro_addvar(list, "SHOST", 5, shost);`
			`+ list = do_macro_addvar(list,`
			`+ prefix, "SHOST", shost);`
			`free(shost);`
			`}`
			`}`
			`@@ -366,16 +422,16 @@ struct substvar *addstdenv(struct substv`
			`return list;`
			`}`

			`-struct substvar removestdenv(struct substvar sv)`
			`+struct substvar removestdenv(struct substvar sv, const char *prefix)`
			`{`
			`struct substvar *list = sv;`

			`- list = macro_removevar(list, "UID", 3);`
			`- list = macro_removevar(list, "USER", 4);`
			`- list = macro_removevar(list, "HOME", 4);`
			`- list = macro_removevar(list, "GID", 3);`
			`- list = macro_removevar(list, "GROUP", 5);`
			`- list = macro_removevar(list, "SHOST", 5);`
			`+ list = do_macro_removevar(list, prefix, "UID");`
			`+ list = do_macro_removevar(list, prefix, "USER");`
			`+ list = do_macro_removevar(list, prefix, "HOME");`
			`+ list = do_macro_removevar(list, prefix, "GID");`
			`+ list = do_macro_removevar(list, prefix, "GROUP");`
			`+ list = do_macro_removevar(list, prefix, "SHOST");`
			`return list;`
			`}`

			`--- autofs-5.0.7.orig/modules/lookup_program.c`
			`+++ autofs-5.0.7/modules/lookup_program.c`
			`@@ -181,7 +181,7 @@ static char *lookup_one(struct autofs_po`
			`if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {`
			`struct parse_context pctxt = (struct parse_context ) ctxt->parse->context;`
			`/* Add standard environment as seen by sun map parser */`
			`- pctxt->subst = addstdenv(pctxt->subst);`
			`+ pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");`
			`macro_setenv(pctxt->subst);`
			`}`
			`execl(ctxt->mapname, ctxt->mapname, name, NULL);`
			`--- autofs-5.0.7.orig/modules/parse_sun.c`
			`+++ autofs-5.0.7/modules/parse_sun.c`
			`@@ -1214,12 +1214,12 @@ int parse_mount(struct autofs_point *ap,`
			`pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);`
			`macro_lock();`

			`- ctxt->subst = addstdenv(ctxt->subst);`
			`+ ctxt->subst = addstdenv(ctxt->subst, NULL);`

			`mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify);`
			`if (mapent_len == 0) {`
			`error(ap->logopt, MODPREFIX "failed to expand map entry");`
			`- ctxt->subst = removestdenv(ctxt->subst);`
			`+ ctxt->subst = removestdenv(ctxt->subst, NULL);`
			`macro_unlock();`
			`pthread_setcancelstate(cur_state, NULL);`
			`return 1;`
			`@@ -1229,7 +1229,7 @@ int parse_mount(struct autofs_point *ap,`
			`if (!pmapent) {`
			`char *estr = strerror_r(errno, buf, MAX_ERR_BUF);`
			`logerr(MODPREFIX "alloca: %s", estr);`
			`- ctxt->subst = removestdenv(ctxt->subst);`
			`+ ctxt->subst = removestdenv(ctxt->subst, NULL);`
			`macro_unlock();`
			`pthread_setcancelstate(cur_state, NULL);`
			`return 1;`
			`@@ -1237,7 +1237,7 @@ int parse_mount(struct autofs_point *ap,`
			`pmapent[mapent_len] = '\0';`

			`expandsunent(mapent, pmapent, name, ctxt->subst, slashify);`
			`- ctxt->subst = removestdenv(ctxt->subst);`
			`+ ctxt->subst = removestdenv(ctxt->subst, NULL);`

			`macro_unlock();`
			`pthread_setcancelstate(cur_state, NULL);`