diff options
author | Ian Kent <raven@themaw.net> | 2023-03-18 09:25:50 +0800 |
---|---|---|
committer | Ian Kent <raven@themaw.net> | 2023-03-25 10:56:24 +0800 |
commit | 80b8c2b8701438e108c935369736c4f985f28985 (patch) | |
tree | 1b547286993e59c9ff18bb4a378b3cd59490f83e | |
parent | 635b90eccee957c39d26d01f2e23c07575b25e89 (diff) | |
download | autofs-80b8c2b8701438e108c935369736c4f985f28985.tar.gz |
autofs-5.1.8 - fix unterminated read in handle_cmd_pipe_fifo_message()
As Coverity points out the buffer in handle_cmd_pipe_fifo_message()
could be overflowed and end up not terminated so fix it.
Signed-off-by: Ian Kent <raven@themaw.net>
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | daemon/automount.c | 7 |
2 files changed, 7 insertions, 1 deletions
@@ -70,6 +70,7 @@ - switch to application wide command pipe. - get rid of unused field submnt_count. - fix mount tree startup reconnect. +- fix unterminated read in handle_cmd_pipe_fifo_message(). 19/10/2021 autofs-5.1.8 - add xdr_exports(). diff --git a/daemon/automount.c b/daemon/automount.c index 0e43e942..4fefb870 100644 --- a/daemon/automount.c +++ b/daemon/automount.c @@ -1452,7 +1452,6 @@ static void handle_cmd_pipe_fifo_message(int fd) int ret; long pri; - memset(buffer, 0, sizeof(buffer)); ret = read(fd, &buffer, sizeof(buffer)); if (ret < 0) { char *estr = strerror_r(errno, buf, MAX_ERR_BUF); @@ -1460,6 +1459,12 @@ static void handle_cmd_pipe_fifo_message(int fd) "read on command pipe returned error: %s", estr); return; } + if (ret >= sizeof(buffer)) { + error(LOGOPT_ANY, + "read overrun on command pipe message"); + return; + } + buffer[ret] = 0; sep = strrchr(buffer, ' '); if (!sep) { |