
autofs-5.0.1-0.rc2.164.el5_8.src.rpm

autofs-5.0.1 - lookup_prune_cache() fixes

From: Ian Kent <raven@themaw.net>

- fix memory leak in lookup_prune_cache().
- fix a double free in lookup_prune_cache().
- fix a use after free in lookup_prune_cache().
---

 daemon/lookup.c |   23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)


--- autofs-5.0.1.orig/daemon/lookup.c
+++ autofs-5.0.1/daemon/lookup.c
@@ -1046,8 +1046,11 @@ int lookup_prune_cache(struct autofs_poi
 
 			key = strdup(me->key);
 			me = cache_enumerate(mc, me);
-			if (!key || *key == '*')
-				continue;
+			if (!key || *key == '*') {
+				if (key)
+					free(key);
+				continue; 
+			}
 
 			path = make_fullpath(ap->path, key);
 			if (!path) {
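Review bot: The `if (key)` guard around `free(key)` in the added block is redundant, because free(NULL) is a no-op, and the new `continue; ` line carries trailing whitespace; the block can be just `free(key);` followed by `continue;`. The same branch also skips silently when strdup() fails, so that entry is neither pruned nor reported in this pass. A one-line comment such as `/* out of memory or wildcard key: nothing to prune for this entry */` would make that intent explicit. The enclosing loop body starts and ends outside this hunk.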
@@ -1074,10 +1077,6 @@ int lookup_prune_cache(struct autofs_poi
 			this = cache_lookup_distinct(mc, key);
 			if (!this) {
 				cache_unlock(mc);
-				free(key);
-				if (next_key)
-					free(next_key);
-				free(path);
 				goto next;
 			}
 
@@ -1095,18 +1094,14 @@ int lookup_prune_cache(struct autofs_poi
 			}
 			cache_unlock(mc);
 
-			if (!next_key) {
-				free(key);
-				free(path);
-				cache_readlock(mc);
-				continue;
-			}
 next:
 			cache_readlock(mc);
-			me = cache_lookup_distinct(mc, next_key);
+			if (next_key) {
+				me = cache_lookup_distinct(mc, next_key);
+				free(next_key);
+			}
 			free(key);
 			free(path);
-			free(next_key);
 		}
 		pthread_cleanup_pop(1);
 		map->stale = 0;
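Review bot: When `next_key` is NULL, the new `if (next_key)` block leaves `me` unchanged after `cache_readlock(mc)`, so the loop continues on a pointer that was obtained before the cache lock was released. The assignment of `next_key` is outside the hunk, but if it can be NULL while `me` is not (for example when its allocation fails), the entry `me` points to may have been removed while the cache was unlocked. That would be the same class of use-after-free this commit sets out to fix. Consider adding `else me = NULL;` after the block so the enumeration stops rather than dereferencing a possibly stale entry, or add a comment stating why `me` is still valid on that path.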