[autofs] [patch] Fix buffer overflow with large key lengths in file maps

Jeff Moyer Fri, 29 Apr 2005 08:35:35 -0700

Hi Ian,

I'm attempting to get the connectathon automount test suite running, and it
turned up this bug.  Basically, we never do any bounds checking on the key
array passed into read_one in lookup_file.c.   This patch fixes the problem
in my environment.


Thanks,

Jeff

--- autofs-4.1.4/modules/lookup_file.c.orig     2005-04-29 11:14:54.699437608 
-0400
+++ autofs-4.1.4/modules/lookup_file.c  2005-04-29 11:21:16.004470432 -0400
@@ -157,6 +157,10 @@ static int read_one(FILE *f, char *key, 
                        break;
 
                case st_compare:
+                       if (kptr - key > KEY_MAX_LEN) {
+                               state = st_badent;
+                               break;
+                       }
                        if (ch == '\n')
                                state = st_begin;
                        else if (isspace(ch) && !escape) {

_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs

[autofs] [patch] Fix buffer overflow with large key lengths in file maps

Reply via email to