autofs-5.0.1 - fix sanity checks for brackets in server name From: Siddhesh Poyarekar <siddhesh.poyarekar@gmail.com> When autofs is configured as follows: * -nodev,nosuid,intr,soft,retry=10,proto=tcp &:/tmp1 One could make a mount request as follows: df /autom/tmp1/som\(efile and crash automount, since automount tries to parse the brackets to get the weight for the server. Automount should not parse these brackets if they're escaped. Also throw a syntax error in case of mismatched brackets instead of crashing. Sample configuration for this: * -nodev,nosuid,intr,soft,retry=10,proto=tcp foo(2:/tmp1 Signed-off-by: Siddhesh Poyarekar <siddhesh.poyarekar@gmail.com> Signed-off-by: Ian Kent <raven@themaw.net> --- modules/replicated.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- autofs-5.0.1.orig/modules/replicated.c +++ autofs-5.0.1/modules/replicated.c @@ -1144,7 +1144,7 @@ static char *seek_delim(const char *s) char *delim; delim = strpbrk(p, "(, \t:"); - if (delim && *delim != ':') + if (delim && *delim != ':' && (delim == s || *(delim - 1) != '\\')) return delim; while (*p) { @@ -1193,6 +1193,12 @@ int parse_location(unsigned logopt, stru *delim = '\0'; weight = atoi(w); } + else { + /* syntax error - Mismatched brackets */ + free_host_list(hosts); + free(str); + return 0; + } delim++; }