Re: [autofs] [patch] Fix buffer overflow with large key lengths in file maps

raven Fri, 29 Apr 2005 09:18:13 -0700

On Fri, 29 Apr 2005, Jeff Moyer wrote:

Hi Ian,

I'm attempting to get the connectathon automount test suite running, and it
turned up this bug.  Basically, we never do any bounds checking on the key
array passed into read_one in lookup_file.c.   This patch fixes the problem
in my environment.

Thanks,

Jeff

--- autofs-4.1.4/modules/lookup_file.c.orig     2005-04-29 11:14:54.699437608 
-0400
+++ autofs-4.1.4/modules/lookup_file.c  2005-04-29 11:21:16.004470432 -0400
@@ -157,6 +157,10 @@ static int read_one(FILE *f, char *key,
                        break;

                case st_compare:
+                       if (kptr - key > KEY_MAX_LEN) {
+                               state = st_badent;
+                               break;
+                       }
                        if (ch == '\n')
                                state = st_begin;
                        else if (isspace(ch) && !escape) {


Thanfs Jeff. I'll merge that.

Ian

_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs

Re: [autofs] [patch] Fix buffer overflow with large key lengths in file maps

Reply via email to