
autofs-5.0.1-0.rc2.164.el5_8.src.rpm

diff --git a/CHANGELOG b/CHANGELOG
index 4b5a14b..e42bf42 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -48,6 +48,7 @@
 - expand export access checks to include missing syntax options.
 - make "-hosts" module try to be sensitive to exports list changes.
 - change mount "device" from "automount" to the map name.
+- check for buffer overflow in mount_afs.c.
 
 1/9/2006 autofs-5.0.1 rc2
 -------------------------
diff --git a/modules/mount_afs.c b/modules/mount_afs.c
index 252302e..3b4261a 100644
--- a/modules/mount_afs.c
+++ b/modules/mount_afs.c
@@ -30,11 +30,18 @@ int mount_init(void **context)
 int mount_mount(struct autofs_point *ap, const char *root, const char *name, int name_len,
 		const char *what, const char *fstype, const char *options, void *context)
 {
-	char dest[PATH_MAX * 2];
-
-	strcpy(dest, root);	/* Convert the name to a mount point. */
-	strncat(dest, "/", sizeof(dest));
-	strncat(dest, name, sizeof(dest));
+	/* PATH_MAX is allegedly longest path allowed */
+	char dest[PATH_MAX + 1];
+	size_t r_len = strlen(root);
+	size_t d_len = r_len + name_len + 2;
+
+	if (d_len > PATH_MAX)
+		return 1;
+
+	/* Convert the name to a mount point. */
+	strcpy(dest, root);
+	strcat(dest, "/");
+	strcat(dest, name);
 
 	/* remove trailing slash (http://bugs.debian.org/141775) */
 	if (dest[strlen(dest)-1] == '/')
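Review bot: The bound checked at `if (d_len > PATH_MAX)` is built from the caller-supplied `name_len`, but the copy below it is `strcat(dest, name)`, which runs to the terminator of `name`, so the check only protects `dest` if `name_len` equals `strlen(name)`, and nothing in the hunk establishes that. `name_len` is also a signed `int` added into a `size_t`, so a negative value would wrap and could let an over-long `name` pass the check. Deriving the bound from what is actually copied avoids both, e.g. `int n = snprintf(dest, sizeof(dest), "%s/%s", root, name);` followed by `if (n < 0 || (size_t)n >= sizeof(dest)) return 1;`. The early `return 1` is silent, so a log line naming the rejected path would help whoever has to diagnose the failed mount. mount_mount's body continues past the end of the hunk.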