powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1106 Commits
1 Branch
0 Tags
390 MiB
Tree: dccae62647
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dccae62647'
${ noResults }
base/SOURCES/autofs-5.0.7-fix-potential-...

158 lines
5.2 KiB
Raw Normal View History Unescape

autofs package update Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
7 years ago
autofs-5.0.7 - fix potential null dereference in lookup_mount()
From: Ian Kent <raven@themaw.net>
Updating a negative cache entry should always find an entry but the entry
lookup return isn't checked and probably should be.
Since this code is duplicated in several modules add it as a function to
the cache handling code.
---
include/automount.h | 1 +
lib/cache.c | 20 ++++++++++++++++++++
modules/lookup_file.c | 11 +----------
modules/lookup_ldap.c | 12 +-----------
modules/lookup_sss.c | 12 +-----------
modules/lookup_yp.c | 12 ++----------
6 files changed, 26 insertions(+), 42 deletions(-)
diff --git a/include/automount.h b/include/automount.h
index 6ced842..71787a5 100644
--- a/include/automount.h
+++ b/include/automount.h
@@ -189,6 +189,7 @@ struct mapent *cache_lookup_offset(const char *prefix, const char *offset, int s
struct mapent *cache_partial_match(struct mapent_cache *mc, const char *prefix);
int cache_add(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age);
int cache_update_offset(struct mapent_cache *mc, const char *mkey, const char *key, const char *mapent, time_t age);
+void cache_update_negative(struct mapent_cache *mc, struct map_source *ms, const char *key, time_t timeout);
int cache_set_parents(struct mapent *mm);
int cache_update(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age);
int cache_delete(struct mapent_cache *mc, const char *key);
diff --git a/lib/cache.c b/lib/cache.c
index ecace4a..be4917b 100644
--- a/lib/cache.c
+++ b/lib/cache.c
@@ -680,6 +680,26 @@ done:
return ret;
}
+void cache_update_negative(struct mapent_cache *mc,
+ struct map_source *ms, const char *key,
+ time_t timeout)
+{
+ time_t now = time(NULL);
+ struct mapent *me;
+ int rv = CHE_OK;
+
+ me = cache_lookup_distinct(mc, key);
+ if (!me)
+ rv = cache_update(mc, ms, key, NULL, now);
+ if (rv != CHE_FAIL) {
+ me = cache_lookup_distinct(mc, key);
+ if (me)
+ me->status = now + timeout;
+ }
+ return;
+}
+
+
static struct mapent *get_parent(const char *key, struct list_head *head, struct list_head **pos)
{
struct list_head *next;
diff --git a/modules/lookup_file.c b/modules/lookup_file.c
index 2836996..4b4ee89 100644
--- a/modules/lookup_file.c
+++ b/modules/lookup_file.c
@@ -1130,17 +1130,8 @@ do_cache_lookup:
ret = ctxt->parse->parse_mount(ap, key, key_len,
mapent, ctxt->parse->context);
if (ret) {
- time_t now = time(NULL);
- int rv = CHE_OK;
-
cache_writelock(mc);
- me = cache_lookup_distinct(mc, key);
- if (!me)
- rv = cache_update(mc, source, key, NULL, now);
- if (rv != CHE_FAIL) {
- me = cache_lookup_distinct(mc, key);
- me->status = now + ap->negative_timeout;
- }
+ cache_update_negative(mc, source, key, ap->negative_timeout);
cache_unlock(mc);
return NSS_STATUS_TRYAGAIN;
}
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
index a59de92..26481a8 100644
--- a/modules/lookup_ldap.c
+++ b/modules/lookup_ldap.c
@@ -3011,18 +3011,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
ret = ctxt->parse->parse_mount(ap, key, key_len,
mapent, ctxt->parse->context);
if (ret) {
- time_t now = time(NULL);
- int rv = CHE_OK;
-
- /* Record the the mount fail in the cache */
cache_writelock(mc);
- me = cache_lookup_distinct(mc, key);
- if (!me)
- rv = cache_update(mc, source, key, NULL, now);
- if (rv != CHE_FAIL) {
- me = cache_lookup_distinct(mc, key);
- me->status = now + ap->negative_timeout;
- }
+ cache_update_negative(mc, source, key, ap->negative_timeout);
cache_unlock(mc);
return NSS_STATUS_TRYAGAIN;
}
diff --git a/modules/lookup_sss.c b/modules/lookup_sss.c
index 5c2ed0a..1fe740b 100644
--- a/modules/lookup_sss.c
+++ b/modules/lookup_sss.c
@@ -672,18 +672,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
ret = ctxt->parse->parse_mount(ap, key, key_len,
mapent, ctxt->parse->context);
if (ret) {
- time_t now = time(NULL);
- int rv = CHE_OK;
-
- /* Record the the mount fail in the cache */
cache_writelock(mc);
- me = cache_lookup_distinct(mc, key);
- if (!me)
- rv = cache_update(mc, source, key, NULL, now);
- if (rv != CHE_FAIL) {
- me = cache_lookup_distinct(mc, key);
- me->status = now + ap->negative_timeout;
- }
+ cache_update_negative(mc, source, key, ap->negative_timeout);
cache_unlock(mc);
return NSS_STATUS_TRYAGAIN;
}
diff --git a/modules/lookup_yp.c b/modules/lookup_yp.c
index a716e1f..e99e3c0 100644
--- a/modules/lookup_yp.c
+++ b/modules/lookup_yp.c
@@ -698,18 +698,10 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
ret = ctxt->parse->parse_mount(ap, key, key_len,
mapent, ctxt->parse->context);
if (ret) {
- time_t now = time(NULL);
- int rv = CHE_OK;
-
cache_writelock(mc);
- me = cache_lookup_distinct(mc, key);
- if (!me)
- rv = cache_update(mc, source, key, NULL, now);
- if (rv != CHE_FAIL) {
- me = cache_lookup_distinct(mc, key);
- me->status = now + ap->negative_timeout;
- }
+ cache_update_negative(mc, source, key, ap->negative_timeout);
cache_unlock(mc);
+ return NSS_STATUS_TRYAGAIN;
}
}