Hi,

There seems to be a possible buffer overflow in modules/mount_afs.c.
strncat(dest, src, n) uses at most n chars from src. n is not the
size of dest. Patch below.

Regards,
Matthias

--- modules/mount_afs.c
+++ modules/mount_afs.c
@@ -36,8 +36,8 @@
        char dest[PATH_MAX * 2];
 
        strcpy(dest, root);     /* Convert the name to a mount point. */
-       strncat(dest, "/", sizeof(dest));
-       strncat(dest, name, sizeof(dest));
+       strncat(dest, "/", sizeof(dest)-strlen(dest)-1);
+       strncat(dest, name, sizeof(dest)-strlen(dest)-1);
 
        /* remove trailing slash (http://bugs.debian.org/141775) */
        if (dest[strlen(dest)-1] == '/')
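
Review bot: The strcpy(dest, root) at the top of this hunk is still unbounded, so a root of PATH_MAX * 2 bytes or more overflows dest before either corrected strncat runs. The new bounds also truncate name silently once dest is full, which leaves a mount point path different from the one requested. Consider building the path in one bounded call, such as snprintf(dest, sizeof(dest), "%s/%s", root, name), and returning an error when the result is negative or >= sizeof(dest).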

_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs