autofs-5.0.3 - nisplus partial and free From: Jeff Bastian During a nisplus key lookup nis_list() can return NIS_PARTIAL as well as possibly NIS_NOTFOUND or NIS_S_NOTFOUND when the key doesn't exist. This patch adds this to the checks and fixes a use after free of the result struct. --- CHANGELOG | 1 + modules/lookup_nisplus.c | 16 ++++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 7f3c0d3..4c7a37d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -39,6 +39,7 @@
 - fix fd leak at multi-mount non-fatal mount fail.
 - fix incorrect multi-mount mountpoint calcualtion.
 - fix map out of order map re-read on hup signal.
+- fix nisplus error return check and use after free error.
 14/01/2008 autofs-5.0.3
 -----------------------
diff --git a/modules/lookup_nisplus.c b/modules/lookup_nisplus.c
index 4666161..755556d 100644
--- a/modules/lookup_nisplus.c
+++ b/modules/lookup_nisplus.c
@@ -285,13 +285,15 @@ static int lookup_one(struct autofs_point *ap,
 result = nis_list(tablename, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
 if (result->status != NIS_SUCCESS && result->status != NIS_S_SUCCESS) {
+ nis_error rs = result->status;
 nis_freeresult(result);
 pthread_setcancelstate(cur_state, NULL);
- if (result->status == NIS_NOTFOUND ||
- result->status == NIS_S_NOTFOUND)
+ if (rs == NIS_NOTFOUND ||
+ rs == NIS_S_NOTFOUND ||
+ rs == NIS_PARTIAL)
 return CHE_MISSING;
- return -result->status;
+ return -rs;
 }
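Review bot: In the lookup_one hunk, `result->status` is still read on the line directly after `nis_list()` with no NULL check on `result`. The patch removes the read after `nis_freeresult()`, but glibc's nis_list() can, as far as I recall, return NULL when it fails to allocate the result, and that would crash the daemon at this dereference. A guard before the status test would close it, e.g. `if (!result) { pthread_setcancelstate(cur_state, NULL); return -NIS_NOMEMORY; }`, with the return code adjusted to whatever the callers expect. The lookup_wild hunk has the same sequence and needs the same guard. Both function bodies start and end outside the hunks, so an earlier check may exist that is not visible here.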
@@ -338,13 +340,15 @@ static int lookup_wild(struct autofs_point *ap, struct lookup_context *ctxt)
 result = nis_list(tablename, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
 if (result->status != NIS_SUCCESS && result->status != NIS_S_SUCCESS) {
+ nis_error rs = result->status;
 nis_freeresult(result);
 pthread_setcancelstate(cur_state, NULL);
- if (result->status == NIS_NOTFOUND ||
- result->status == NIS_S_NOTFOUND)
+ if (rs == NIS_NOTFOUND ||
+ rs == NIS_S_NOTFOUND ||
+ rs == NIS_PARTIAL)
 return CHE_MISSING;
- return -result->status;
+ return -rs;
 }
 this = NIS_RES_OBJECT(result);
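Review bot: The new `rs` local and the `NIS_PARTIAL` case in lookup_wild carry no comment, so the reason for each is only recorded in the commit message. Two short comments would stop a later cleanup from reintroducing the use after free or dropping the case: `/* save status: result is freed before it is tested */` above the `nis_error rs` line, and `/* nis_list() may report a missing key as NIS_PARTIAL */` above the condition. The same comments fit the identical block in lookup_one. Since the two error paths are now line-for-line duplicates, a small static helper that maps the saved status to the return value would keep them from drifting apart.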