[packages/autofs.git] / autofs-5.0.4-fix-hosts-map-use-after-free.patch

autofs-5.0.4 - fix hosts map use after free

From: Ian Kent <raven@themaw.net>

This patch fixed use a map entry after it has been freed in the
hosts map lookup module.
---

 CHANGELOG              |    1 +
 modules/lookup_hosts.c |    8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)


diff --git a/CHANGELOG b/CHANGELOG
index eb4a189..3199e4d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,7 @@
   Valerie Aurora Henson).
 - clear the quoted flag after each character from program map input.
 - use CLOEXEC flag for setmntent also.
+- fix hosts map use after free.
 
 4/11/2008 autofs-5.0.4
 -----------------------
diff --git a/modules/lookup_hosts.c b/modules/lookup_hosts.c
index 93b975a..d3ae0e2 100644
--- a/modules/lookup_hosts.c
+++ b/modules/lookup_hosts.c
@@ -138,17 +138,19 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
 	/* Check if we recorded a mount fail for this key anywhere */
 	me = lookup_source_mapent(ap, name, LKP_DISTINCT);
 	if (me) {
+		struct mapent_cache *fmc = me->mc;
+
 		if (me->status >= time(NULL)) {
-			cache_unlock(me->mc);
+			cache_unlock(fmc);
 			return NSS_STATUS_NOTFOUND;
 		}
 
 		if (!me->mapent) {
-			cache_delete(me->mc, name);
+			cache_delete(fmc, name);
 			me = NULL;
 		}
 
-		cache_unlock(me->mc);
+		cache_unlock(fmc);
 	}
 
 	cache_readlock(mc);
Commit	Line	Data
	1	autofs-5.0.4 - fix hosts map use after free
	2
	3	From: Ian Kent <raven@themaw.net>
	4
	5	This patch fixed use a map entry after it has been freed in the
	6	hosts map lookup module.
	7	---
	8
	9	CHANGELOG \| 1 +
	10	modules/lookup_hosts.c \| 8 +++++---
	11	2 files changed, 6 insertions(+), 3 deletions(-)
	12
	13
	14	diff --git a/CHANGELOG b/CHANGELOG
	15	index eb4a189..3199e4d 100644
	16	--- a/CHANGELOG
	17	+++ b/CHANGELOG
	18	@@ -9,6 +9,7 @@
	19	Valerie Aurora Henson).
	20	- clear the quoted flag after each character from program map input.
	21	- use CLOEXEC flag for setmntent also.
	22	+- fix hosts map use after free.
	23
	24	4/11/2008 autofs-5.0.4
	25	-----------------------
	26	diff --git a/modules/lookup_hosts.c b/modules/lookup_hosts.c
	27	index 93b975a..d3ae0e2 100644
	28	--- a/modules/lookup_hosts.c
	29	+++ b/modules/lookup_hosts.c
	30	@@ -138,17 +138,19 @@ int lookup_mount(struct autofs_point ap, const char name, int name_len, void *
	31	/* Check if we recorded a mount fail for this key anywhere */
	32	me = lookup_source_mapent(ap, name, LKP_DISTINCT);
	33	if (me) {
	34	+ struct mapent_cache *fmc = me->mc;
	35	+
	36	if (me->status >= time(NULL)) {
	37	- cache_unlock(me->mc);
	38	+ cache_unlock(fmc);
	39	return NSS_STATUS_NOTFOUND;
	40	}
	41
	42	if (!me->mapent) {
	43	- cache_delete(me->mc, name);
	44	+ cache_delete(fmc, name);
	45	me = NULL;
	46	}
	47
	48	- cache_unlock(me->mc);
	49	+ cache_unlock(fmc);
	50	}
	51
	52	cache_readlock(mc);