[prev in list] [next in list] [prev in thread] [next in thread] 

List:       autofs
Subject:    [PATCH 08/19] autofs-5.1.8 - fix loop under run in cache_get_offset_parent()
From:       Ian Kent <raven () themaw ! net>
Date:       2022-01-19 2:20:14
Message-ID: 164255836447.27570.16737275505010605969.stgit () mickey ! themaw ! net
[Download RAW message or body]

From: Frank Sorenson <sorenson@xxxxxxxxxx>

To avoid reading memory outside of the the string
allocated for parent, tail needs to stop when it
reaches or passes parent, even if it doesn't
actually equal parent.

Signed-off-by: Frank Sorenson <sorenson@xxxxxxxxxx>
---
 CHANGELOG   |    1 +
 lib/cache.c |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9af33bf0..3b22937e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@
 - fix root offset error handling.
 - fix nonstrict fail handling of last offset mount.
 - dont fail on duplicate offset entry tree add.
+- fix loop under run in cache_get_offset_parent().
 
 19/10/2021 autofs-5.1.8
 - add xdr_exports().
diff --git a/lib/cache.c b/lib/cache.c
index 66dda5d9..8aed28ea 100644
--- a/lib/cache.c
+++ b/lib/cache.c
@@ -710,7 +710,7 @@ struct mapent *cache_get_offset_parent(struct mapent_cache *mc, const char *key)
 		*tail = 0;
 
 		tail--;
-		if (tail == parent)
+		if (tail <= parent)
 			break;
 
 		me = cache_lookup_distinct(mc, parent);






[prev in list] [next in list] [prev in thread] [next in thread]