From: Frank Sorenson <sorenson@xxxxxxxxxx> To avoid reading memory outside of the the string allocated for parent, tail needs to stop when it reaches or passes parent, even if it doesn't actually equal parent. Signed-off-by: Frank Sorenson <sorenson@xxxxxxxxxx> --- CHANGELOG | 1 + lib/cache.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 9af33bf0..3b22937e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -5,6 +5,7 @@ - fix root offset error handling. - fix nonstrict fail handling of last offset mount. - dont fail on duplicate offset entry tree add. +- fix loop under run in cache_get_offset_parent(). 19/10/2021 autofs-5.1.8 - add xdr_exports(). diff --git a/lib/cache.c b/lib/cache.c index 66dda5d9..8aed28ea 100644 --- a/lib/cache.c +++ b/lib/cache.c @@ -710,7 +710,7 @@ struct mapent *cache_get_offset_parent(struct mapent_cache *mc, const char *key) *tail = 0; tail--; - if (tail == parent) + if (tail <= parent) break; me = cache_lookup_distinct(mc, parent);
