[autofs/f19] - add a couple of upstream fixes and a bunch of changes based on a Covarity report.
Ian Kent
iankent at fedoraproject.org
Tue Jun 11 08:21:20 UTC 2013
commit d0a9d87d1afcaf044096d42deb334fdda285954a
Author: Ian Kent <raven at themaw.net>
Date: Tue Jun 11 16:20:53 2013 +0800
- add a couple of upstream fixes and a bunch of changes based on a Covarity report.
...0.7-add-changlog-entry-for-coverity-fixes.patch | 48 ++++++
...rt-for-waitpid-in-check_nfs_mount_version.patch | 24 +++
...tion-of-bind_result-in.patch-do_sasl_bind.patch | 23 +++
...-map-entry-null-check-in-do_expire_direct.patch | 25 +++
...null-check-in-lookup-nisplus-lookup_mount.patch | 24 +++
...s-5.0.7-add-null-check-in-extract_version.patch | 23 +++
...0.7-add-null-check-in-parse_server_string.patch | 26 ++++
autofs-5.0.7-add-null-check-in-read_one.patch | 26 ++++
autofs-5.0.7-add-pgrp-check-in-do_spawn.patch | 23 +++
...heck-mkdir_path-in-mount_bind-mount_mount.patch | 27 ++++
autofs-5.0.7-fix-fcntl-return-check.patch | 25 +++
...-fix-map-entry-duplicate-offset-detection.patch | 37 +++++
...-host_addr-null-reference-in-add_new_host.patch | 55 +++++++
...-inconsistent-signed-usage-for-__rpc_ping.patch | 41 +++++
...ache-lock-in-handle_packet_missing_direct.patch | 23 +++
....0.7-fix-incorrect-check-in-flag_is_owned.patch | 30 ++++
autofs-5.0.7-fix-incorrect-name-in-test.patch | 22 +++
...x-incorrect-value-reference-in-parse_line.patch | 22 +++
...dap-percent-hack-allocation-in-lookup_one.patch | 21 +++
...-5.0.7-fix-master-map-bogus-keywork-match.patch | 62 ++++++++
...0.7-fix-master-map-mount-options-matching.patch | 43 ++++++
autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch | 30 ++++
...-use-after-free-in-lookup_dir-lookup_init.patch | 21 +++
...otential-null-dereference-in-lookup_mount.patch | 157 ++++++++++++++++++++
autofs-5.0.7-fix-several-off-by-one-errors.patch | 128 ++++++++++++++++
...nt-return-check-in-mount_bind-lookup_init.patch | 23 +++
...-nfs-version-in-turn-for-singleton-mounts.patch | 104 +++++++++++++
...p-entry-lookup-return-in-do_readmap_mount.patch | 30 ++++
...s-5.0.7-remove-debug-only-code-in-alarm-c.patch | 36 +++++
autofs.spec | 66 ++++++++-
30 files changed, 1244 insertions(+), 1 deletions(-)
---
diff --git a/autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch b/autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch
new file mode 100644
index 0000000..a628512
--- /dev/null
+++ b/autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch
@@ -0,0 +1,48 @@
+autofs-5.0.7 - add changlog entry for coverity fixes
+
+From: Ian Kent <raven at themaw.net>
+
+A bunch of changes have been made based on a Covarity report.
+Mostly I pust the changes into seperate patches so they can be kept simple.
+
+Changes:
+- fix fcntl return check.
+- fix spawn_umount() return check in mount_bind.c:lookup_init().
+- fix check mkdir_path() in mount_bind.c:mount_mount().
+- fix incorrect var name in test.
+- remove debug only code in alarm.c.
+- fix inconsistent use of cache lock in handle_packet_missing_direct().
+- fix several off by one errors.
+- fix memory leak in get_dc_list().
+- fix host_addr null reference in add_new_host().
+- add null check in read_one().
+- add pgrp check in do_spawn().
+- fix inconsistent signed usage for __rpc_ping().
+- add null check in extract_version().
+- recheck valid map entry lookup return in do_readmap_mount().
+- add null check in parse_server_string().
+- add map entry null check in do_expire_direct().
+- add mapent null check in lookup_nisplus.c:lookup_mount().
+- fix potential null dereference in lookup_mount().
+- fix leaked ldap percent hack allocation in lookup_one().
+- fix incorrect value reference in parse_line().
+- add debug alert for waitpid in check_nfs_mount_version().
+- add initialization of bind_result in-do_sasl_bind().
+- fix incorrect check in flag_is_owned().
+- fix possible use after free in lookup_dir.c:lookup_init().
+---
+ CHANGELOG | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 48e9806..25179b1 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -49,6 +49,7 @@
+ - fix master map bogus keywork match.
+ - fix fix map entry duplicate offset detection.
+ - probe each nfs version in turn for singleton mounts.
++- add changlog entry for coverity fixes.
+
+ 25/07/2012 autofs-5.0.7
+ =======================
diff --git a/autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch b/autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch
new file mode 100644
index 0000000..e8c239e
--- /dev/null
+++ b/autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch
@@ -0,0 +1,24 @@
+autofs-5.0.7 - add debug alert for waitpid in check_nfs_mount_version()
+
+From: Ian Kent <raven at themaw.net>
+
+We don't really case if there's no process to wait for but add a debug
+log alert for information.
+---
+ lib/mounts.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/mounts.c b/lib/mounts.c
+index 7b959b8..a6f560e 100644
+--- a/lib/mounts.c
++++ b/lib/mounts.c
+@@ -287,7 +287,8 @@ int check_nfs_mount_version(struct nfs_mount_vers *vers,
+ ret = 0;
+ }
+
+- if (waitpid(f, &status, 0) != f) ;
++ if (waitpid(f, &status, 0) != f)
++ debug(LOGOPT_NONE, "no process found to wait for");
+
+ pthread_sigmask(SIG_SETMASK, &oldsig, NULL);
+ pthread_setcancelstate(cancel_state, NULL);
diff --git a/autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch b/autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch
new file mode 100644
index 0000000..0066b9b
--- /dev/null
+++ b/autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch
@@ -0,0 +1,23 @@
+autofs-5.0.7 - add initialization of bind_result in-do_sasl_bind()
+
+From: Ian Kent <raven at themaw.net>
+
+There is an unlikley code path where bind_result could be used uninitialized
+so initialize it so it isn't incorrectly used if it has rubish in it.
+---
+ modules/cyrus-sasl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index b456333..68f9242 100644
+--- a/modules/cyrus-sasl.c
++++ b/modules/cyrus-sasl.c
+@@ -210,7 +210,7 @@ int
+ do_sasl_bind(unsigned logopt, LDAP *ld, sasl_conn_t *conn, const char **clientout,
+ unsigned int *clientoutlen, const char *auth_mech, int sasl_result)
+ {
+- int ret, msgid, bind_result;
++ int ret, msgid, bind_result = LDAP_OTHER;
+ struct berval client_cred, *server_cred, temp_cred;
+ LDAPMessage *results;
+ int have_data, expected_data;
diff --git a/autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch b/autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch
new file mode 100644
index 0000000..165eec5
--- /dev/null
+++ b/autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch
@@ -0,0 +1,25 @@
+autofs-5.0.7 - add map entry null check in do_expire_direct()
+
+From: Ian Kent <raven at themaw.net>
+
+Since we've seen a mount failure for this map entry it should exist
+but add a null check in case it's been removed while we waited on
+the lock.
+---
+ daemon/direct.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/direct.c b/daemon/direct.c
+index 399ad0a..f85e1b5 100644
+--- a/daemon/direct.c
++++ b/daemon/direct.c
+@@ -1019,7 +1019,8 @@ static void *do_expire_direct(void *arg)
+ struct mapent *me;
+ cache_writelock(mt.mc);
+ me = cache_lookup_distinct(mt.mc, mt.name);
+- me->ioctlfd = -1;
++ if (me)
++ me->ioctlfd = -1;
+ cache_unlock(mt.mc);
+ ops->send_ready(ap->logopt, mt.ioctlfd, mt.wait_queue_token);
+ ops->close(ap->logopt, mt.ioctlfd);
diff --git a/autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch b/autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch
new file mode 100644
index 0000000..9cda9df
--- /dev/null
+++ b/autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch
@@ -0,0 +1,24 @@
+autofs-5.0.7 - add mapent null check in lookup_nisplus.c:lookup_mount()
+
+From: Ian Kent <raven at themaw.net>
+
+malloc(3) could return null under low memory conditions, add a null check
+for this case.
+---
+ modules/lookup_nisplus.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/lookup_nisplus.c b/modules/lookup_nisplus.c
+index 8237a1e..ef942a7 100644
+--- a/modules/lookup_nisplus.c
++++ b/modules/lookup_nisplus.c
+@@ -584,7 +584,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
+ if (me && (me->source == source || *me->key == '/')) {
+ mapent_len = strlen(me->mapent);
+ mapent = malloc(mapent_len + 1);
+- strcpy(mapent, me->mapent);
++ if (mapent)
++ strcpy(mapent, me->mapent);
+ }
+ }
+ cache_unlock(mc);
diff --git a/autofs-5.0.7-add-null-check-in-extract_version.patch b/autofs-5.0.7-add-null-check-in-extract_version.patch
new file mode 100644
index 0000000..93bd2ac
--- /dev/null
+++ b/autofs-5.0.7-add-null-check-in-extract_version.patch
@@ -0,0 +1,23 @@
+autofs-5.0.7 - add null check in extract_version()
+
+From: Ian Kent <raven at themaw.net>
+
+A space should always be found in the passed in string but a check
+should be done in case it isn't.
+---
+ lib/mounts.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/mounts.c b/lib/mounts.c
+index 0caa0aa..7b959b8 100644
+--- a/lib/mounts.c
++++ b/lib/mounts.c
+@@ -168,6 +168,8 @@ unsigned int get_kver_minor(void)
+ static int extract_version(char *start, struct nfs_mount_vers *vers)
+ {
+ char *s_ver = strchr(start, ' ');
++ if (!s_ver)
++ return 0;
+ while (*s_ver && !isdigit(*s_ver)) {
+ s_ver++;
+ if (!*s_ver)
diff --git a/autofs-5.0.7-add-null-check-in-parse_server_string.patch b/autofs-5.0.7-add-null-check-in-parse_server_string.patch
new file mode 100644
index 0000000..e5a0adb
--- /dev/null
+++ b/autofs-5.0.7-add-null-check-in-parse_server_string.patch
@@ -0,0 +1,26 @@
+autofs-5.0.7 - add null check in parse_server_string()
+
+From: Ian Kent <raven at themaw.net>
+
+Add an error check for the case there's no ':' server name delimiter in
+parse_server_string().
+---
+ modules/lookup_ldap.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
+index 17cbe9a..a59de92 100644
+--- a/modules/lookup_ldap.c
++++ b/modules/lookup_ldap.c
+@@ -1212,6 +1212,11 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
+ /* Isolate the server. Include the port spec */
+ if (*ptr != '[')
+ q = strchr(ptr, ':');
++ if (!q) {
++ crit(logopt, MODPREFIX
++ "LDAP server name not found in %s", ptr);
++ return 0;
++ }
+ else {
+ q = ++ptr;
+ while (*q == ':' || isxdigit(*q))
diff --git a/autofs-5.0.7-add-null-check-in-read_one.patch b/autofs-5.0.7-add-null-check-in-read_one.patch
new file mode 100644
index 0000000..a830bc9
--- /dev/null
+++ b/autofs-5.0.7-add-null-check-in-read_one.patch
@@ -0,0 +1,26 @@
+autofs-5.0.7 - add null check in read_one()
+
+From: Ian Kent <raven at themaw.net>
+
+The pointter p shouldn't be null here but add a chack anyway.
+---
+ modules/lookup_file.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/lookup_file.c b/modules/lookup_file.c
+index 65e5ee6..2836996 100644
+--- a/modules/lookup_file.c
++++ b/modules/lookup_file.c
+@@ -302,8 +302,10 @@ static int read_one(unsigned logopt, FILE *f, char *key, unsigned int *k_len, ch
+ if (gotten == got_real || gotten == getting)
+ goto got_it;
+ } else if (mapent_len < MAPENT_MAX_LEN) {
+- mapent_len++;
+- *(p++) = ch;
++ if (p) {
++ mapent_len++;
++ *(p++) = ch;
++ }
+ nch = getc(f);
+ if (nch == EOF &&
+ (gotten == got_real || gotten == getting))
diff --git a/autofs-5.0.7-add-pgrp-check-in-do_spawn.patch b/autofs-5.0.7-add-pgrp-check-in-do_spawn.patch
new file mode 100644
index 0000000..6674f6d
--- /dev/null
+++ b/autofs-5.0.7-add-pgrp-check-in-do_spawn.patch
@@ -0,0 +1,23 @@
+autofs-5.0.7 - add pgrp check in do_spawn()
+
+From: Ian Kent <raven at themaw.net>
+
+The process group should never be negative here but add a check anyway.
+---
+ daemon/spawn.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/spawn.c b/daemon/spawn.c
+index 9b8d5a2..abb353a 100644
+--- a/daemon/spawn.c
++++ b/daemon/spawn.c
+@@ -201,7 +201,8 @@ static int do_spawn(unsigned logopt, unsigned int wait,
+
+ seteuid(0);
+ setegid(0);
+- setpgid(0, pgrp);
++ if (pgrp >= 0)
++ setpgid(0, pgrp);
+ }
+
+ execv(prog, (char *const *) argv);
diff --git a/autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch b/autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch
new file mode 100644
index 0000000..74ba6aa
--- /dev/null
+++ b/autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch
@@ -0,0 +1,27 @@
+autofs-5.0.7 - fix check mkdir_path() in mount_bind.c:mount_mount()
+
+From: Ian Kent <raven at themaw.net>
+
+
+---
+ modules/mount_bind.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/modules/mount_bind.c b/modules/mount_bind.c
+index d6c6fe7..61a773c 100644
+--- a/modules/mount_bind.c
++++ b/modules/mount_bind.c
+@@ -209,7 +209,12 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
+ "failed to create local mount %s -> %s",
+ fullpath, what);
+ if (ap->flags & MOUNT_FLAG_GHOST && !status)
+- mkdir_path(fullpath, 0555);
++ if (mkdir_path(fullpath, 0555) && errno != EEXIST) {
++ char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
++ error(ap->logopt,
++ MODPREFIX "mkdir_path %s failed: %s",
++ fullpath, estr);
++ }
+ else {
+ if (ap->type == LKP_INDIRECT)
+ rmdir_path(ap, fullpath, ap->dev);
diff --git a/autofs-5.0.7-fix-fcntl-return-check.patch b/autofs-5.0.7-fix-fcntl-return-check.patch
new file mode 100644
index 0000000..ebe9ea8
--- /dev/null
+++ b/autofs-5.0.7-fix-fcntl-return-check.patch
@@ -0,0 +1,25 @@
+autofs-5.0.7 - fix fcntl return check
+
+From: Ian Kent <raven at themaw.net>
+
+When checking for FD_CLOEXEC support the return of the fcntl(2) call to
+get the file descriptor flags is not checked which could result in an
+incorrect result.
+---
+ include/automount.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/automount.h b/include/automount.h
+index e72fa0d..6ced842 100644
+--- a/include/automount.h
++++ b/include/automount.h
+@@ -547,7 +547,8 @@ static inline void check_cloexec(int fd)
+ {
+ if (cloexec_works == 0) {
+ int fl = fcntl(fd, F_GETFD);
+- cloexec_works = (fl & FD_CLOEXEC) ? 1 : -1;
++ if (fl != -1)
++ cloexec_works = (fl & FD_CLOEXEC) ? 1 : -1;
+ }
+ if (cloexec_works > 0)
+ return;
diff --git a/autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch b/autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch
new file mode 100644
index 0000000..82092c0
--- /dev/null
+++ b/autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch
@@ -0,0 +1,37 @@
+autofs-5.0.7 - fix fix map entry duplicate offset detection
+
+From: Ian Kent <raven at themaw.net>
+
+Map entry duplicate detection was still broken.
+This hopefully will fix it, at least the Conectathon duplicate offset entry
+tests pass now.
+---
+ CHANGELOG | 1 +
+ lib/cache.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index e15aa1f..39d7889 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -47,6 +47,7 @@
+ - dont probe rdma mounts.
+ - fix master map mount options matching.
+ - fix master map bogus keywork match.
++- fix fix map entry duplicate offset detection.
+
+ 25/07/2012 autofs-5.0.7
+ =======================
+diff --git a/lib/cache.c b/lib/cache.c
+index 1e05a99..ecace4a 100644
+--- a/lib/cache.c
++++ b/lib/cache.c
+@@ -659,7 +659,7 @@ int cache_update_offset(struct mapent_cache *mc, const char *mkey, const char *k
+
+ me = cache_lookup_distinct(mc, key);
+ if (me && me->age == age) {
+- if (me->multi == owner)
++ if (me == owner || strcmp(me->key, key) == 0)
+ return CHE_DUPLICATE;
+ }
+
diff --git a/autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch b/autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch
new file mode 100644
index 0000000..45bd53f
--- /dev/null
+++ b/autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch
@@ -0,0 +1,55 @@
+autofs-5.0.7 - fix host_addr null reference in add_new_host()
+
+From: Ian Kent <raven at themaw.net>
+
+The function add_new_host() is always called from a loop that depends
+on host_addr being non-null.
+
+Remove the redundant check.
+---
+ modules/replicated.c | 29 ++++++++++-------------------
+ 1 file changed, 10 insertions(+), 19 deletions(-)
+
+diff --git a/modules/replicated.c b/modules/replicated.c
+index 0a044b9..e793ca4 100644
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -1030,28 +1030,19 @@ static int add_new_host(struct host **list,
+ unsigned int prx;
+ int addr_len;
+
++ prx = get_proximity(host_addr->ai_addr);
++
+ /*
+- * If we are using random selection we pretend all hosts are at
+- * the same proximity so hosts further away don't get excluded.
+- * We can't use PROXIMITY_LOCAL or we won't perform an RPC ping
+- * to remove hosts that may be down.
++ * If we want the weight to be the determining factor
++ * when selecting a host, or we are using random selection,
++ * then all hosts must have the same proximity. However,
++ * if this is the local machine it should always be used
++ * since it is certainly available.
+ */
+- if (!host_addr)
++ if (prx != PROXIMITY_LOCAL &&
++ (options & (MOUNT_FLAG_USE_WEIGHT_ONLY |
++ MOUNT_FLAG_RANDOM_SELECT)))
+ prx = PROXIMITY_SUBNET;
+- else {
+- prx = get_proximity(host_addr->ai_addr);
+- /*
+- * If we want the weight to be the determining factor
+- * when selecting a host, or we are using random selection,
+- * then all hosts must have the same proximity. However,
+- * if this is the local machine it should always be used
+- * since it is certainly available.
+- */
+- if (prx != PROXIMITY_LOCAL &&
+- (options & (MOUNT_FLAG_USE_WEIGHT_ONLY |
+- MOUNT_FLAG_RANDOM_SELECT)))
+- prx = PROXIMITY_SUBNET;
+- }
+
+ /*
+ * If we tried to add an IPv6 address and we don't have IPv6
diff --git a/autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch b/autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch
new file mode 100644
index 0000000..661685f
--- /dev/null
+++ b/autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch
@@ -0,0 +1,41 @@
+autofs-5.0.7 - fix inconsistent signed usage for __rpc_ping()
+
+From: Ian Kent <raven at themaw.net>
+
+There is some incosistent usage of unsigned int variables with the usage
+of __rpc_ping().
+---
+ lib/rpc_subs.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
+index 718caf9..f5742e8 100644
+--- a/lib/rpc_subs.c
++++ b/lib/rpc_subs.c
+@@ -670,13 +670,11 @@ int rpc_ping_proto(struct conn_info *info)
+ return 1;
+ }
+
+-static unsigned int __rpc_ping(const char *host,
+- unsigned long version,
+- int proto,
+- long seconds, long micros,
+- unsigned int option)
++static int __rpc_ping(const char *host,
++ unsigned long version, int proto,
++ long seconds, long micros, unsigned int option)
+ {
+- unsigned int status;
++ int status;
+ struct conn_info info;
+ struct pmap parms;
+
+@@ -713,7 +711,7 @@ int rpc_ping(const char *host, long seconds, long micros, unsigned int option)
+ {
+ unsigned long vers3 = NFS3_VERSION;
+ unsigned long vers2 = NFS2_VERSION;
+- unsigned int status;
++ int status;
+
+ status = __rpc_ping(host, vers2, IPPROTO_UDP, seconds, micros, option);
+ if (status > 0)
diff --git a/autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch b/autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch
new file mode 100644
index 0000000..9d59e34
--- /dev/null
+++ b/autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch
@@ -0,0 +1,23 @@
+autofs-5.0.7 - fix inconsistent use of cache lock in handle_packet_missing_direct()
+
+From: Ian Kent <raven at themaw.net>
+
+All references here except this one refer to the same variable so change the odd
+one out for consistency.
+---
+ daemon/direct.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/daemon/direct.c b/daemon/direct.c
+index 228a666..399ad0a 100644
+--- a/daemon/direct.c
++++ b/daemon/direct.c
+@@ -1392,7 +1392,7 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_
+ ops->send_fail(ap->logopt,
+ ioctlfd, pkt->wait_queue_token, -ENOENT);
+ ops->close(ap->logopt, ioctlfd);
+- cache_unlock(me->mc);
++ cache_unlock(mc);
+ master_source_unlock(ap->entry);
+ master_mutex_unlock();
+ pthread_setcancelstate(state, NULL);
diff --git a/autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch b/autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch
new file mode 100644
index 0000000..63312f8
--- /dev/null
+++ b/autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch
@@ -0,0 +1,30 @@
+autofs-5.0.7 - fix incorrect check in flag_is_owned()
+
+From: Ian Kent <raven at themaw.net>
+
+The flag file code isn't used any more but this is clearly incorrect
+so fix it in case it gets used sometime in the future.
+---
+ daemon/flag.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/flag.c b/daemon/flag.c
+index f8fe163..db9a4bd 100644
+--- a/daemon/flag.c
++++ b/daemon/flag.c
+@@ -66,12 +66,11 @@ static int flag_is_owned(int fd)
+
+ continue;
+ }
+-
+- /* Stale flagfile */
+- if (!tries)
+- return 0;
+ }
+
++ /* Stale flagfile */
++ if (!tries)
++ return 0;
+
+ if (pid) {
+ int ret;
diff --git a/autofs-5.0.7-fix-incorrect-name-in-test.patch b/autofs-5.0.7-fix-incorrect-name-in-test.patch
new file mode 100644
index 0000000..bce7c45
--- /dev/null
+++ b/autofs-5.0.7-fix-incorrect-name-in-test.patch
@@ -0,0 +1,22 @@
+autofs-5.0.7 - fix incorrect var name in test
+
+From: Ian Kent <raven at themaw.net>
+
+Fix incorrect variable name used for test of buffer size for getgrgid_r.
+---
+ lib/mounts.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/mounts.c b/lib/mounts.c
+index 550445c..0caa0aa 100644
+--- a/lib/mounts.c
++++ b/lib/mounts.c
+@@ -1222,7 +1222,7 @@ void set_tsd_user_vars(unsigned int logopt, uid_t uid, gid_t gid)
+ /* Try to get group info */
+
+ grplen = sysconf(_SC_GETGR_R_SIZE_MAX);
+- if (tmplen < 0) {
++ if (grplen < 0) {
+ error(logopt, "failed to get buffer size for getgrgid_r");
+ goto free_tsv_home;
+ }
diff --git a/autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch b/autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch
new file mode 100644
index 0000000..a9c2031
--- /dev/null
+++ b/autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch
@@ -0,0 +1,22 @@
+autofs-5.0.7 - fix incorrect value reference in parse_line()
+
+From: Ian Kent <raven at themaw.net>
+
+This chack should clearly be on the contents of key not the pointer value.
+---
+ lib/defaults.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/defaults.c b/lib/defaults.c
+index 1e89509..7c65387 100644
+--- a/lib/defaults.c
++++ b/lib/defaults.c
+@@ -167,7 +167,7 @@ static int parse_line(char *line, char **res, char **value)
+ while (*key && *key == ' ')
+ key++;
+
+- if (!key)
++ if (!*key)
+ return 0;
+
+ if (!(val = strchr(key, '=')))
diff --git a/autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch b/autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch
new file mode 100644
index 0000000..d113eea
--- /dev/null
+++ b/autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch
@@ -0,0 +1,21 @@
+autofs-5.0.7 - fix leaked ldap percent hack allocation in lookup_one()
+
+From: Ian Kent <raven at themaw.net>
+
+Fix a resource leak when calling the percent hack transforms in lookup_one().
+---
+ modules/lookup_ldap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
+index 26481a8..35ea6ea 100644
+--- a/modules/lookup_ldap.c
++++ b/modules/lookup_ldap.c
+@@ -2525,6 +2525,7 @@ static int lookup_one(struct autofs_point *ap,
+ if (enc_len1 != 0) {
+ enc_len2 = encode_percent_hack(qKey, &enc_key2, 1);
+ if (enc_len2 < 0) {
++ free(enc_key1);
+ crit(ap->logopt,
+ "could not use percent hack encode key %s",
+ qKey);
diff --git a/autofs-5.0.7-fix-master-map-bogus-keywork-match.patch b/autofs-5.0.7-fix-master-map-bogus-keywork-match.patch
new file mode 100644
index 0000000..7c003ff
--- /dev/null
+++ b/autofs-5.0.7-fix-master-map-bogus-keywork-match.patch
@@ -0,0 +1,62 @@
+autofs-5.0.7 - fix master map bogus keywork match
+
+From: Ian Kent <raven at themaw.net>
+
+If we have a map name in the master map that ends with a keyword
+of one of the map types or "multi" we mistakenly match the trailing
+white space and include that in the map name. This has to be wrong
+since we can't handle quoting in the master map and embedded white
+space must be escaped. It would be good if we handled quoted strings
+but that has proven a bit of a nightmare so far for the current
+tokenizer.
+---
+ CHANGELOG | 1 +
+ lib/master_tok.l | 16 ++++++++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 00eaff2..e15aa1f 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -46,6 +46,7 @@
+ - fix interface address null check.
+ - dont probe rdma mounts.
+ - fix master map mount options matching.
++- fix master map bogus keywork match.
+
+ 25/07/2012 autofs-5.0.7
+ =======================
+diff --git a/lib/master_tok.l b/lib/master_tok.l
+index 8d1f1a2..a55cc76 100644
+--- a/lib/master_tok.l
++++ b/lib/master_tok.l
+@@ -202,6 +202,14 @@ OPTNTOUT (-n{OPTWS}|-n{OPTWS}={OPTWS}|--negative-timeout{OPTWS}|--negative-timeo
+ {MULTI} {
+ tlen = master_leng - 1;
+ if (bptr != buff && isblank(master_text[tlen])) {
++ /*
++ * We can't handle unescaped white space in map names
++ * so just eat the white space. We always have the
++ * "multi" at the beginning of the string so the while
++ * will not fall off the end.
++ */
++ while (isblank(master_text[tlen - 1]))
++ tlen--;
+ strncat(buff, master_text, tlen);
+ bptr += tlen;
+ yyless(tlen);
+@@ -216,6 +224,14 @@ OPTNTOUT (-n{OPTWS}|-n{OPTWS}={OPTWS}|--negative-timeout{OPTWS}|--negative-timeo
+ {MTYPE}/{DNATTRSTR}= {
+ tlen = master_leng - 1;
+ if (bptr != buff && isblank(master_text[tlen])) {
++ /*
++ * We can't handle unescaped white space in map names
++ * so just eat the white space. We always have the
++ * maptype keyword at the beginning of the string so
++ * the while will not fall off the end.
++ */
++ while (isblank(master_text[tlen - 1]))
++ tlen--;
+ strncat(buff, master_text, tlen);
+ bptr += tlen;
+ yyless(tlen);
diff --git a/autofs-5.0.7-fix-master-map-mount-options-matching.patch b/autofs-5.0.7-fix-master-map-mount-options-matching.patch
new file mode 100644
index 0000000..a360618
--- /dev/null
+++ b/autofs-5.0.7-fix-master-map-mount-options-matching.patch
@@ -0,0 +1,43 @@
+autofs-5.0.7 - fix master map mount options matching
+
+From: Ian Kent <raven at themaw.net>
+
+The master map options pattern matching is fairly primitive since it
+doesn't need to be very sophisticated. The current mount option pattern
+matching can't match mount options with quotes or embedded colons and so
+it can't pass these options through as a global options string.
+
+But it must be able to match a fairly large class of strings, including
+the above case, so they can be passed through as global options. Of
+course it can't try and validate them since it can't know what mount type
+they may be used with.
+---
+ CHANGELOG | 1 +
+ lib/master_tok.l | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 1156cc9..00eaff2 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -45,6 +45,7 @@
+ - add enable sloppy mount option to configure.
+ - fix interface address null check.
+ - dont probe rdma mounts.
++- fix master map mount options matching.
+
+ 25/07/2012 autofs-5.0.7
+ =======================
+diff --git a/lib/master_tok.l b/lib/master_tok.l
+index f9b4e55..8d1f1a2 100644
+--- a/lib/master_tok.l
++++ b/lib/master_tok.l
+@@ -91,7 +91,7 @@ OPTWS [[:blank:]]*
+ NL \r?\n
+ CONT \\\n{OPTWS}
+
+-OPTIONSTR ([\-]?([[:alpha:]_]([[:alnum:]_\-])*(=([[:alnum:]_\-])+)*)+)
++OPTIONSTR ([\-]?([[:alpha:]_]([[:alnum:]_\-])*(=(\"?([[:alnum:]_\-\:])+\"?))?)+)
+ MACROSTR (-D{OPTWS}([[:alpha:]_]([[:alnum:]_\-\.])*)=([[:alnum:]_\-\.])+)
+ SLASHIFYSTR (--(no-)?slashify-colons)
+ NUMBER [0-9]+
diff --git a/autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch b/autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch
new file mode 100644
index 0000000..01a9236
--- /dev/null
+++ b/autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch
@@ -0,0 +1,30 @@
+autofs-5.0.7 - fix memory leak in get_dc_list()
+
+From: Ian Kent <raven at themaw.net>
+
+In get_dc_list() if an invalid port is found the allocated list storage
+isn't freed on the error exit.
+---
+ modules/dclist.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/modules/dclist.c b/modules/dclist.c
+index d16b913..af21ce0 100644
+--- a/modules/dclist.c
++++ b/modules/dclist.c
+@@ -536,6 +536,7 @@ struct dclist *get_dc_list(unsigned int logopt, const char *uri)
+ else
+ strcat(tmp, " ");
+
++ list = NULL;
+ for (i = 0; i < numdcs; i++) {
+ if (i > 0)
+ strcat(tmp, " ");
+@@ -549,6 +550,7 @@ struct dclist *get_dc_list(unsigned int logopt, const char *uri)
+ error(logopt,
+ "invalid port: %u", dcs[i].port);
+ free_srv_rrs(dcs, numdcs);
++ free(tmp);
+ goto out_error;
+ }
+ strcat(tmp, port);
diff --git a/autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch b/autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch
new file mode 100644
index 0000000..99aef1f
--- /dev/null
+++ b/autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch
@@ -0,0 +1,21 @@
+autofs-5.0.7 - fix possible use after free in lookup_dir.c:lookup_init()
+
+From: Ian Kent <raven at themaw.net>
+
+Add a missing error return in lookup_dir.c:lookup_init().
+---
+ modules/lookup_dir.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/lookup_dir.c b/modules/lookup_dir.c
+index 07471b7..cbeda1f 100644
+--- a/modules/lookup_dir.c
++++ b/modules/lookup_dir.c
+@@ -98,6 +98,7 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co
+ free(ctxt);
+ warn(LOGOPT_NONE, MODPREFIX
+ "dir map %s, is not a directory", argv[0]);
++ return 1;
+ }
+
+ *context = ctxt;
diff --git a/autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch b/autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch
new file mode 100644
index 0000000..d0b33ad
--- /dev/null
+++ b/autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch
@@ -0,0 +1,157 @@
+autofs-5.0.7 - fix potential null dereference in lookup_mount()
+
+From: Ian Kent <raven at themaw.net>
+
+Updating a negative cache entry should always find an entry but the entry
+lookup return isn't checked and probably should be.
+
+Since this code is duplicated in several modules add it as a function to
+the cache handling code.
+---
+ include/automount.h | 1 +
+ lib/cache.c | 20 ++++++++++++++++++++
+ modules/lookup_file.c | 11 +----------
+ modules/lookup_ldap.c | 12 +-----------
+ modules/lookup_sss.c | 12 +-----------
+ modules/lookup_yp.c | 12 ++----------
+ 6 files changed, 26 insertions(+), 42 deletions(-)
+
+diff --git a/include/automount.h b/include/automount.h
+index 6ced842..71787a5 100644
+--- a/include/automount.h
++++ b/include/automount.h
+@@ -189,6 +189,7 @@ struct mapent *cache_lookup_offset(const char *prefix, const char *offset, int s
+ struct mapent *cache_partial_match(struct mapent_cache *mc, const char *prefix);
+ int cache_add(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age);
+ int cache_update_offset(struct mapent_cache *mc, const char *mkey, const char *key, const char *mapent, time_t age);
++void cache_update_negative(struct mapent_cache *mc, struct map_source *ms, const char *key, time_t timeout);
+ int cache_set_parents(struct mapent *mm);
+ int cache_update(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age);
+ int cache_delete(struct mapent_cache *mc, const char *key);
+diff --git a/lib/cache.c b/lib/cache.c
+index ecace4a..be4917b 100644
+--- a/lib/cache.c
++++ b/lib/cache.c
+@@ -680,6 +680,26 @@ done:
+ return ret;
+ }
+
++void cache_update_negative(struct mapent_cache *mc,
++ struct map_source *ms, const char *key,
++ time_t timeout)
++{
++ time_t now = time(NULL);
++ struct mapent *me;
++ int rv = CHE_OK;
++
++ me = cache_lookup_distinct(mc, key);
++ if (!me)
++ rv = cache_update(mc, ms, key, NULL, now);
++ if (rv != CHE_FAIL) {
++ me = cache_lookup_distinct(mc, key);
++ if (me)
++ me->status = now + timeout;
++ }
++ return;
++}
++
++
+ static struct mapent *get_parent(const char *key, struct list_head *head, struct list_head **pos)
+ {
+ struct list_head *next;
+diff --git a/modules/lookup_file.c b/modules/lookup_file.c
+index 2836996..4b4ee89 100644
+--- a/modules/lookup_file.c
++++ b/modules/lookup_file.c
+@@ -1130,17 +1130,8 @@ do_cache_lookup:
+ ret = ctxt->parse->parse_mount(ap, key, key_len,
+ mapent, ctxt->parse->context);
+ if (ret) {
+- time_t now = time(NULL);
+- int rv = CHE_OK;
+-
+ cache_writelock(mc);
+- me = cache_lookup_distinct(mc, key);
+- if (!me)
+- rv = cache_update(mc, source, key, NULL, now);
+- if (rv != CHE_FAIL) {
+- me = cache_lookup_distinct(mc, key);
+- me->status = now + ap->negative_timeout;
+- }
++ cache_update_negative(mc, source, key, ap->negative_timeout);
+ cache_unlock(mc);
+ return NSS_STATUS_TRYAGAIN;
+ }
+diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
+index a59de92..26481a8 100644
+--- a/modules/lookup_ldap.c
++++ b/modules/lookup_ldap.c
+@@ -3011,18 +3011,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
+ ret = ctxt->parse->parse_mount(ap, key, key_len,
+ mapent, ctxt->parse->context);
+ if (ret) {
+- time_t now = time(NULL);
+- int rv = CHE_OK;
+-
+- /* Record the the mount fail in the cache */
+ cache_writelock(mc);
+- me = cache_lookup_distinct(mc, key);
+- if (!me)
+- rv = cache_update(mc, source, key, NULL, now);
+- if (rv != CHE_FAIL) {
+- me = cache_lookup_distinct(mc, key);
+- me->status = now + ap->negative_timeout;
+- }
++ cache_update_negative(mc, source, key, ap->negative_timeout);
+ cache_unlock(mc);
+ return NSS_STATUS_TRYAGAIN;
+ }
+diff --git a/modules/lookup_sss.c b/modules/lookup_sss.c
+index 5c2ed0a..1fe740b 100644
+--- a/modules/lookup_sss.c
++++ b/modules/lookup_sss.c
+@@ -672,18 +672,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
+ ret = ctxt->parse->parse_mount(ap, key, key_len,
+ mapent, ctxt->parse->context);
+ if (ret) {
+- time_t now = time(NULL);
+- int rv = CHE_OK;
+-
+- /* Record the the mount fail in the cache */
+ cache_writelock(mc);
+- me = cache_lookup_distinct(mc, key);
+- if (!me)
+- rv = cache_update(mc, source, key, NULL, now);
+- if (rv != CHE_FAIL) {
+- me = cache_lookup_distinct(mc, key);
+- me->status = now + ap->negative_timeout;
+- }
++ cache_update_negative(mc, source, key, ap->negative_timeout);
+ cache_unlock(mc);
+ return NSS_STATUS_TRYAGAIN;
+ }
+diff --git a/modules/lookup_yp.c b/modules/lookup_yp.c
+index a716e1f..e99e3c0 100644
+--- a/modules/lookup_yp.c
++++ b/modules/lookup_yp.c
+@@ -698,18 +698,10 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
+ ret = ctxt->parse->parse_mount(ap, key, key_len,
+ mapent, ctxt->parse->context);
+ if (ret) {
+- time_t now = time(NULL);
+- int rv = CHE_OK;
+-
+ cache_writelock(mc);
+- me = cache_lookup_distinct(mc, key);
+- if (!me)
+- rv = cache_update(mc, source, key, NULL, now);
+- if (rv != CHE_FAIL) {
+- me = cache_lookup_distinct(mc, key);
+- me->status = now + ap->negative_timeout;
+- }
++ cache_update_negative(mc, source, key, ap->negative_timeout);
+ cache_unlock(mc);
++ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
diff --git a/autofs-5.0.7-fix-several-off-by-one-errors.patch b/autofs-5.0.7-fix-several-off-by-one-errors.patch
new file mode 100644
index 0000000..bb94957
--- /dev/null
+++ b/autofs-5.0.7-fix-several-off-by-one-errors.patch
@@ -0,0 +1,128 @@
+autofs-5.0.7 - fix several off by one errors
+
+From: Ian Kent <raven at themaw.net>
+
+Fix several off-by-one array reference errors and a couple of short allocation
+errors.
+---
+ daemon/spawn.c | 10 +++++-----
+ lib/defaults.c | 2 +-
+ modules/lookup_ldap.c | 8 ++++----
+ modules/parse_hesiod.c | 2 +-
+ modules/parse_sun.c | 2 +-
+ 5 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/daemon/spawn.c b/daemon/spawn.c
+index 3b4a009..9b8d5a2 100644
+--- a/daemon/spawn.c
++++ b/daemon/spawn.c
+@@ -320,7 +320,7 @@ int spawn_mount(unsigned logopt, ...)
+ unsigned int retries = MTAB_LOCK_RETRIES;
+ int update_mtab = 1, ret, printed = 0;
+ unsigned int wait = defaults_get_mount_wait();
+- char buf[PATH_MAX];
++ char buf[PATH_MAX + 1];
+
+ /* If we use mount locking we can't validate the location */
+ #ifdef ENABLE_MOUNT_LOCKING
+@@ -346,7 +346,7 @@ int spawn_mount(unsigned logopt, ...)
+ }
+
+ /* Alloc 1 extra slot in case we need to use the "-f" option */
+- if (!(argv = alloca(sizeof(char *) * argc + 2)))
++ if (!(argv = alloca(sizeof(char *) * (argc + 2))))
+ return -1;
+
+ argv[0] = arg0;
+@@ -448,7 +448,7 @@ int spawn_bind_mount(unsigned logopt, ...)
+ unsigned int options;
+ unsigned int retries = MTAB_LOCK_RETRIES;
+ int update_mtab = 1, ret, printed = 0;
+- char buf[PATH_MAX];
++ char buf[PATH_MAX + 1];
+
+ /* If we use mount locking we can't validate the location */
+ #ifdef ENABLE_MOUNT_LOCKING
+@@ -477,7 +477,7 @@ int spawn_bind_mount(unsigned logopt, ...)
+ }
+ }
+
+- if (!(argv = alloca(sizeof(char *) * argc + 2)))
++ if (!(argv = alloca(sizeof(char *) * (argc + 2))))
+ return -1;
+
+ argv[0] = arg0;
+@@ -556,7 +556,7 @@ int spawn_umount(unsigned logopt, ...)
+ unsigned int retries = MTAB_LOCK_RETRIES;
+ int update_mtab = 1, ret, printed = 0;
+ unsigned int wait = defaults_get_umount_wait();
+- char buf[PATH_MAX];
++ char buf[PATH_MAX + 1];
+
+ #ifdef ENABLE_MOUNT_LOCKING
+ options = SPAWN_OPT_LOCK;
+diff --git a/lib/defaults.c b/lib/defaults.c
+index ae1162f..1e89509 100644
+--- a/lib/defaults.c
++++ b/lib/defaults.c
+@@ -227,7 +227,7 @@ void defaults_free_uris(struct list_head *list)
+ static unsigned int add_uris(char *value, struct list_head *list)
+ {
+ char *str, *tok, *ptr = NULL;
+- size_t len = strlen(value);
++ size_t len = strlen(value) + 1;
+
+ str = alloca(len);
+ if (!str)
+diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
+index 83e3215..17cbe9a 100644
+--- a/modules/lookup_ldap.c
++++ b/modules/lookup_ldap.c
+@@ -2234,8 +2234,8 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour
+ mapent = new_me;
+ strcat(mapent, " ");
+ strncat(mapent, v_val, v_len);
+- mapent[new_size] = '\0';
+- mapent_len = new_size;
++ mapent[new_size - 1] = '\0';
++ mapent_len = new_size - 1;
+ } else {
+ char *estr;
+ estr = strerror_r(errno, buf, sizeof(buf));
+@@ -2723,8 +2723,8 @@ static int lookup_one(struct autofs_point *ap,
+ mapent = new_me;
+ strcat(mapent, " ");
+ strncat(mapent, v_val, v_len);
+- mapent[new_size] = '\0';
+- mapent_len = new_size;
++ mapent[new_size - 1] = '\0';
++ mapent_len = new_size - 1;
+ } else {
+ char *estr;
+ estr = strerror_r(errno, buf, sizeof(buf));
+diff --git a/modules/parse_hesiod.c b/modules/parse_hesiod.c
+index 7a6a57d..237fd50 100644
+--- a/modules/parse_hesiod.c
++++ b/modules/parse_hesiod.c
+@@ -117,7 +117,7 @@ static int parse_nfs(struct autofs_point *ap,
+ p++;
+
+ /* Isolate the remote mountpoint for this NFS fs. */
+- for (i = 0; (!isspace(p[i]) && i < (int) sizeof(mount)); i++) {
++ for (i = 0; (!isspace(p[i]) && i < ((int) sizeof(mount) - 1)); i++) {
+ if (!p[i]) {
+ error(ap->logopt, MODPREFIX
+ "unexpeced end of input looking for NFS "
+diff --git a/modules/parse_sun.c b/modules/parse_sun.c
+index ae1caf7..c1fc528 100644
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -1135,7 +1135,7 @@ static int mount_subtree(struct autofs_point *ap, struct mapent *me,
+ }
+ ro_len = strlen(ro_loc);
+
+- tmp = alloca(mnt_root_len + 1);
++ tmp = alloca(mnt_root_len + 2);
+ strcpy(tmp, mnt_root);
+ tmp[mnt_root_len] = '/';
+ tmp[mnt_root_len + 1] = '\0';
diff --git a/autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch b/autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch
new file mode 100644
index 0000000..2d02023
--- /dev/null
+++ b/autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch
@@ -0,0 +1,23 @@
+autofs-5.0.7 - fix spawn_umount() return check in mount_bind.c:lookup_init()
+
+From: Ian Kent <raven at themaw.net>
+
+Check return of spawn_umount() and report it if it fails.
+---
+ modules/mount_bind.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/mount_bind.c b/modules/mount_bind.c
+index 4975294..d6c6fe7 100644
+--- a/modules/mount_bind.c
++++ b/modules/mount_bind.c
+@@ -57,7 +57,8 @@ int mount_init(void **context)
+ bind_works = 1;
+ }
+
+- spawn_umount(LOGOPT_NONE, "-n", t2_dir, NULL);
++ if (spawn_umount(LOGOPT_NONE, "-n", t2_dir, NULL) != 0)
++ debug(LOGOPT_ANY, MODPREFIX "umount failed for %s", t2_dir);
+
+ out:
+ rmdir(t1_dir);
diff --git a/autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch b/autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch
new file mode 100644
index 0000000..9b86306
--- /dev/null
+++ b/autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch
@@ -0,0 +1,104 @@
+autofs-5.0.7 - probe each nfs version in turn for singleton mounts
+
+From: Ian Kent <raven at themaw.net>
+
+
+---
+ CHANGELOG | 1 +
+ include/replicated.h | 2 ++
+ modules/mount_nfs.c | 35 ++++++++++++++++++++++++++++++++++-
+ modules/replicated.c | 8 ++++----
+ 4 files changed, 41 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 39d7889..48e9806 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -48,6 +48,7 @@
+ - fix master map mount options matching.
+ - fix master map bogus keywork match.
+ - fix fix map entry duplicate offset detection.
++- probe each nfs version in turn for singleton mounts.
+
+ 25/07/2012 autofs-5.0.7
+ =======================
+diff --git a/include/replicated.h b/include/replicated.h
+index ff0e7b9..728f131 100644
+--- a/include/replicated.h
++++ b/include/replicated.h
+@@ -68,6 +68,8 @@ struct host {
+ };
+
+ void seed_random(void);
++struct host *new_host(const char *, struct sockaddr *, size_t,
++ unsigned int, unsigned int, unsigned int);
+ void free_host_list(struct host **);
+ int parse_location(unsigned, struct host **, const char *, unsigned int);
+ int prune_host_list(unsigned, struct host **, unsigned int, int);
+diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
+index 5424d74..81ba3ca 100644
+--- a/modules/mount_nfs.c
++++ b/modules/mount_nfs.c
+@@ -180,9 +180,42 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
+ * We can't probe protocol rdma so leave it to mount.nfs(8)
+ * and and suffer the delay if a server isn't available.
+ */
+- if (!rdma)
++ if (rdma)
++ goto dont_probe;
++
++ /*
++ * If this is a singleton mount, and NFSv4 only hasn't been asked
++ * for, and the default NFS protocol is set to v4 in the autofs
++ * configuration only probe NFSv4 and let mount.nfs(8) do fallback
++ * to NFSv3 (if it can). If the NFSv4 probe fails then probe as
++ * normal.
++ */
++ if (!hosts->next &&
++ mount_default_proto == 4 &&
++ vers & NFS_VERS_MASK != 0 &&
++ vers & NFS4_VERS_MASK != 0) {
++ unsigned int v4_probe_ok = 0;
++ struct host *tmp = new_host(hosts->name,
++ hosts->addr, hosts->addr_len,
++ hosts->proximity,
++ hosts->weight, hosts->options);
++ if (tmp) {
++ tmp->rr = hosts->rr;
++ prune_host_list(ap->logopt, &tmp,
++ NFS4_VERS_MASK|TCP_SUPPORTED, port);
++ /* If probe succeeds just try the mount with host in hosts */
++ if (tmp) {
++ v4_probe_ok = 1;
++ free_host_list(&tmp);
++ }
++ }
++ if (!v4_probe_ok)
++ prune_host_list(ap->logopt, &hosts, vers, port);
++ } else {
+ prune_host_list(ap->logopt, &hosts, vers, port);
++ }
+
++dont_probe:
+ if (!hosts) {
+ info(ap->logopt, MODPREFIX "no hosts available");
+ return 1;
+diff --git a/modules/replicated.c b/modules/replicated.c
+index 6dbdade..0a044b9 100644
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -280,10 +280,10 @@ static unsigned int get_proximity(struct sockaddr *host_addr)
+ return PROXIMITY_OTHER;
+ }
+
+-static struct host *new_host(const char *name,
+- struct sockaddr *addr, size_t addr_len,
+- unsigned int proximity, unsigned int weight,
+- unsigned int options)
++struct host *new_host(const char *name,
++ struct sockaddr *addr, size_t addr_len,
++ unsigned int proximity, unsigned int weight,
++ unsigned int options)
+ {
+ struct host *new;
+ struct sockaddr *tmp2;
diff --git a/autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch b/autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch
new file mode 100644
index 0000000..c0ab30a
--- /dev/null
+++ b/autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch
@@ -0,0 +1,30 @@
+autofs-5.0.7 - recheck valid map entry lookup return in do_readmap_mount()
+
+From: Ian Kent <raven at themaw.net>
+
+After looking for an expected existing valid map entry in do_readmap_mount()
+add a check in case it isn't found.
+
+If it actually isn't found (although it always should be) the only thing
+that can be done is log an error return.
+---
+ daemon/state.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/daemon/state.c b/daemon/state.c
+index 6e23022..ddc5556 100644
+--- a/daemon/state.c
++++ b/daemon/state.c
+@@ -405,6 +405,12 @@ static void do_readmap_mount(struct autofs_point *ap, struct mnt_list *mnts,
+ me->key);
+ cache_writelock(vmc);
+ valid = cache_lookup_distinct(vmc, me->key);
++ if (!valid) {
++ cache_unlock(vmc);
++ error(ap->logopt,
++ "failed to find expected existing valid map entry");
++ return;
++ }
+ /* Take over the mount if there is one */
+ valid->ioctlfd = me->ioctlfd;
+ me->ioctlfd = -1;
diff --git a/autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch b/autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch
new file mode 100644
index 0000000..111e460
--- /dev/null
+++ b/autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch
@@ -0,0 +1,36 @@
+autofs-5.0.7 - remove debug only code in alarm.c
+
+From: Ian Kent <raven at themaw.net>
+
+This code is only ever used for "on-the-fly" debugging so just remove it.
+---
+ lib/alarm.c | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/lib/alarm.c b/lib/alarm.c
+index d5cdc05..0f04ef8 100755
+--- a/lib/alarm.c
++++ b/lib/alarm.c
+@@ -40,22 +40,6 @@ do { \
+ fatal(_alm_unlock); \
+ } while (0)
+
+-void dump_alarms(void)
+-{
+- struct list_head *head;
+- struct list_head *p;
+-
+- pthread_mutex_lock(&mutex);
+- head = &alarms;
+- list_for_each(p, head) {
+- struct alarm *this;
+-
+- this = list_entry(p, struct alarm, list);
+- logmsg("alarm time = %d", this->time);
+- }
+- pthread_mutex_unlock(&mutex);
+-}
+-
+ /* Insert alarm entry on ordered list. */
+ int alarm_add(struct autofs_point *ap, time_t seconds)
+ {
diff --git a/autofs.spec b/autofs.spec
index 25e523e..f7765ae 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -8,7 +8,7 @@
Summary: A tool for automatically mounting and unmounting filesystems
Name: autofs
Version: 5.0.7
-Release: 19%{?dist}
+Release: 20%{?dist}
Epoch: 1
License: GPLv2+
Group: System Environment/Daemons
@@ -62,6 +62,35 @@ Patch46: autofs-5.0.7-document-allowed-map-sources-in-auto_master.patch
Patch47: autofs-5.0.7-add-enable-sloppy-mount-option-to-configure.patch
Patch48: autofs-5.0.7-fix-interface-address-null-check.patch
Patch49: autofs-5.0.7-dont-probe-rdma-mounts.patch
+Patch50: autofs-5.0.7-fix-master-map-mount-options-matching.patch
+Patch51: autofs-5.0.7-fix-master-map-bogus-keywork-match.patch
+Patch52: autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch
+Patch53: autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch
+Patch54: autofs-5.0.7-fix-fcntl-return-check.patch
+Patch55: autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch
+Patch56: autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch
+Patch57: autofs-5.0.7-fix-incorrect-name-in-test.patch
+Patch58: autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch
+Patch59: autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch
+Patch60: autofs-5.0.7-fix-several-off-by-one-errors.patch
+Patch61: autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch
+Patch62: autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch
+Patch63: autofs-5.0.7-add-null-check-in-read_one.patch
+Patch64: autofs-5.0.7-add-pgrp-check-in-do_spawn.patch
+Patch65: autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch
+Patch66: autofs-5.0.7-add-null-check-in-extract_version.patch
+Patch67: autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch
+Patch68: autofs-5.0.7-add-null-check-in-parse_server_string.patch
+Patch69: autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch
+Patch70: autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch
+Patch71: autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch
+Patch72: autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch
+Patch73: autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch
+Patch74: autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch
+Patch75: autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch
+Patch76: autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch
+Patch77: autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch
+Patch78: autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if %{with_systemd}
BuildRequires: systemd-units
@@ -168,6 +197,35 @@ echo %{version}-%{release} > .version
%patch47 -p1
%patch48 -p1
%patch49 -p1
+%patch50 -p1
+%patch51 -p1
+%patch52 -p1
+%patch53 -p1
+%patch54 -p1
+%patch55 -p1
+%patch56 -p1
+%patch57 -p1
+%patch58 -p1
+%patch59 -p1
+%patch60 -p1
+%patch61 -p1
+%patch62 -p1
+%patch63 -p1
+%patch64 -p1
+%patch65 -p1
+%patch66 -p1
+%patch67 -p1
+%patch68 -p1
+%patch69 -p1
+%patch70 -p1
+%patch71 -p1
+%patch72 -p1
+%patch73 -p1
+%patch74 -p1
+%patch75 -p1
+%patch76 -p1
+%patch77 -p1
+%patch78 -p1
%build
#CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@@ -259,6 +317,12 @@ fi
%dir /etc/auto.master.d
%changelog
+* Tue Jun 11 2013 Ian Kent <ikent at redhat.com> - 1:5.0.7-20
+- fix master map mount options matching.
+- fix master map bogus keywork match.
+- fix fix map entry duplicate offset detection.
+- add a number of fixes based on a Covarity report.
+
* Mon May 27 2013 Ian Kent <ikent at redhat.com> - 1:5.0.7-19
- dont probe rdma mounts.
More information about the scm-commits
mailing list