powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1036 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 5f46da4525
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5f46da4525'
${ noResults }
base/SOURCES/autofs-5.0.7-fix-several-of...

128 lines
4.1 KiB
Raw Blame History

autofs-5.0.7 - fix several off by one errors
From: Ian Kent <raven@themaw.net>
Fix several off-by-one array reference errors and a couple of short allocation
errors.
---
daemon/spawn.c | 10 +++++-----
lib/defaults.c | 2 +-
modules/lookup_ldap.c | 8 ++++----
modules/parse_hesiod.c | 2 +-
modules/parse_sun.c | 2 +-
5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/daemon/spawn.c b/daemon/spawn.c
index 3b4a009..9b8d5a2 100644
--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -320,7 +320,7 @@ int spawn_mount(unsigned logopt, ...)
unsigned int retries = MTAB_LOCK_RETRIES;
int update_mtab = 1, ret, printed = 0;
unsigned int wait = defaults_get_mount_wait();
- char buf[PATH_MAX];
+ char buf[PATH_MAX + 1];
/* If we use mount locking we can't validate the location */
#ifdef ENABLE_MOUNT_LOCKING
@@ -346,7 +346,7 @@ int spawn_mount(unsigned logopt, ...)
}
/* Alloc 1 extra slot in case we need to use the "-f" option */
- if (!(argv = alloca(sizeof(char *) * argc + 2)))
+ if (!(argv = alloca(sizeof(char *) * (argc + 2))))
return -1;
argv[0] = arg0;
@@ -448,7 +448,7 @@ int spawn_bind_mount(unsigned logopt, ...)
unsigned int options;
unsigned int retries = MTAB_LOCK_RETRIES;
int update_mtab = 1, ret, printed = 0;
- char buf[PATH_MAX];
+ char buf[PATH_MAX + 1];
/* If we use mount locking we can't validate the location */
#ifdef ENABLE_MOUNT_LOCKING
@@ -477,7 +477,7 @@ int spawn_bind_mount(unsigned logopt, ...)
}
}
- if (!(argv = alloca(sizeof(char *) * argc + 2)))
+ if (!(argv = alloca(sizeof(char *) * (argc + 2))))
return -1;
argv[0] = arg0;
@@ -556,7 +556,7 @@ int spawn_umount(unsigned logopt, ...)
unsigned int retries = MTAB_LOCK_RETRIES;
int update_mtab = 1, ret, printed = 0;
unsigned int wait = defaults_get_umount_wait();
- char buf[PATH_MAX];
+ char buf[PATH_MAX + 1];
#ifdef ENABLE_MOUNT_LOCKING
options = SPAWN_OPT_LOCK;
diff --git a/lib/defaults.c b/lib/defaults.c
index ae1162f..1e89509 100644
--- a/lib/defaults.c
+++ b/lib/defaults.c
@@ -227,7 +227,7 @@ void defaults_free_uris(struct list_head *list)
static unsigned int add_uris(char *value, struct list_head *list)
{
char *str, *tok, *ptr = NULL;
- size_t len = strlen(value);
+ size_t len = strlen(value) + 1;
str = alloca(len);
if (!str)
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
index 83e3215..17cbe9a 100644
--- a/modules/lookup_ldap.c
+++ b/modules/lookup_ldap.c
@@ -2234,8 +2234,8 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour
mapent = new_me;
strcat(mapent, " ");
strncat(mapent, v_val, v_len);
- mapent[new_size] = '\0';
- mapent_len = new_size;
+ mapent[new_size - 1] = '\0';
+ mapent_len = new_size - 1;
} else {
char *estr;
estr = strerror_r(errno, buf, sizeof(buf));
@@ -2723,8 +2723,8 @@ static int lookup_one(struct autofs_point *ap,
mapent = new_me;
strcat(mapent, " ");
strncat(mapent, v_val, v_len);
- mapent[new_size] = '\0';
- mapent_len = new_size;
+ mapent[new_size - 1] = '\0';
+ mapent_len = new_size - 1;
} else {
char *estr;
estr = strerror_r(errno, buf, sizeof(buf));
diff --git a/modules/parse_hesiod.c b/modules/parse_hesiod.c
index 7a6a57d..237fd50 100644
--- a/modules/parse_hesiod.c
+++ b/modules/parse_hesiod.c
@@ -117,7 +117,7 @@ static int parse_nfs(struct autofs_point *ap,
p++;
/* Isolate the remote mountpoint for this NFS fs. */
- for (i = 0; (!isspace(p[i]) && i < (int) sizeof(mount)); i++) {
+ for (i = 0; (!isspace(p[i]) && i < ((int) sizeof(mount) - 1)); i++) {
if (!p[i]) {
error(ap->logopt, MODPREFIX
"unexpeced end of input looking for NFS "
diff --git a/modules/parse_sun.c b/modules/parse_sun.c
index ae1caf7..c1fc528 100644
--- a/modules/parse_sun.c
+++ b/modules/parse_sun.c
@@ -1135,7 +1135,7 @@ static int mount_subtree(struct autofs_point *ap, struct mapent *me,
}
ro_len = strlen(ro_loc);
- tmp = alloca(mnt_root_len + 1);
+ tmp = alloca(mnt_root_len + 2);
strcpy(tmp, mnt_root);
tmp[mnt_root_len] = '/';
tmp[mnt_root_len + 1] = '\0';