Merge ~ahasenack/ubuntu/+source/autofs:noble-autofs-segfault-2061667 into ubuntu/+source/autofs:ubuntu/devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: 4fd6f97f11d859a791ddf5b3818c9590a25670ab
Proposed branch: ~ahasenack/ubuntu/+source/autofs:noble-autofs-segfault-2061667
Merge into: ubuntu/+source/autofs:ubuntu/devel
Diff against target: 58 lines (+36/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/adjust-buffer-size-for-snprintf.patch (+28/-0)
debian/patches/series (+1/-0)
Reviewers:
git-ubuntu bot: Approve
Robie Basak: Approve
Canonical Server Reporter: Pending
Review via email: mp+464560@code.launchpad.net

Description of the change

This fixes a segfault in autofs.

I prepared a PPA to see if it fixes it for him: https://launchpad.net/~ahasenack/+archive/ubuntu/autofs-segfault-2061667/+packages

DEP8 tests are running, but they didn't catch this. An extra option is needed, which can either be in /etc/auto.master (my reproducer), or added automatically depending on the running kernel, as far as I can tell.

Regardless, the reproducer is basically:

/etc/auto.master:
/- file,sun:/etc/auto.mp strictexpire

/etc/auto.mp:
/mp defaults :/dev/loop0

I used a loop device instead of another mount point, set one up with losetup to test.

Then just starting automount is enough to show the segfault in noble.

I just sent the fix upstream (see DEP3 headers), and it's still too early for a response.
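
The bug class behind this fix, as an added example that is not autofs code and not part of the merge proposal: when appending with snprintf(), the size argument must be the space left after the current offset, and a return value at or above that space means the output was truncated. The helper name append_opt, the demo function and the option strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from autofs): append src to buf, where buf holds
 * max_len bytes and *len bytes are already used (not counting the NUL).
 * Returns 0 on success, -1 on error or if src does not fit. */
static int append_opt(char *buf, size_t max_len, size_t *len, const char *src)
{
    if (*len >= max_len)
        return -1;                  /* no room; also avoids size_t wrap below */

    /* Passing max_len here instead would overstate the space by *len bytes. */
    size_t room = max_len - *len;
    int n = snprintf(buf + *len, room, "%s", src);

    if (n < 0)
        return -1;                  /* output error */
    if ((size_t)n >= room) {
        buf[*len] = '\0';           /* truncated: restore the previous string */
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

/* Constructed demo: build an option string in out (out_size bytes).
 * Returns how many of the three options were appended. */
static int demo(char *out, size_t out_size)
{
    const char *opts[] = { "fd=7,pgrp=1234", ",strictexpire", ",ignore" };
    size_t len = 0;
    int ok = 0;

    if (out_size == 0)
        return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof(opts) / sizeof(opts[0]); i++)
        if (append_opt(out, out_size, &len, opts[i]) == 0)
            ok++;
    return ok;
}

int main(void)
{
    char buf[32];                   /* too small for all three options */
    int ok = demo(buf, sizeof(buf));
    printf("%d options appended: \"%s\"\n", ok, buf);
    return 0;
}
```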

Andreas Hasenack (ahasenack) wrote :

Got confirmation from the reporter in the bug that the ppa fixed the crash.

Robie Basak (racb) :
review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, racb
Uploaders: ahasenack, racb
MP auto-approved

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded:

Uploading autofs_5.1.9-1ubuntu4.dsc
Uploading autofs_5.1.9-1ubuntu4.debian.tar.xz
Uploading autofs_5.1.9-1ubuntu4_source.buildinfo
Uploading autofs_5.1.9-1ubuntu4_source.changes

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index a75d9e0..d91efee 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+autofs (5.1.9-1ubuntu4) noble; urgency=medium
7+
8+ * d/p/adjust-buffer-size-for-snprintf.patch: fix buffer size when
9+ appending to a string (LP: #2061667)
10+
11+ -- Andreas Hasenack <andreas@canonical.com> Wed, 17 Apr 2024 11:47:05 -0300
12+
13 autofs (5.1.9-1ubuntu3) noble; urgency=medium
14
15 * No-change rebuild for CVE-2024-3094
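Review bot: the new 5.1.9-1ubuntu4 changelog entry describes the code change ("fix buffer size when appending to a string") but not the symptom. Since LP: #2061667 is a segfault when automount starts, consider naming the crash and make_options_string() in the entry so that someone who only saw the segfault can match it to this upload.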
16diff --git a/debian/patches/adjust-buffer-size-for-snprintf.patch b/debian/patches/adjust-buffer-size-for-snprintf.patch
17new file mode 100644
18index 0000000..af2bbe1
19--- /dev/null
20+++ b/debian/patches/adjust-buffer-size-for-snprintf.patch
21@@ -0,0 +1,28 @@
22+Description: Fix buffer size in snprinf() call
23+Author: Andreas Hasenack <andreas.hasenack@canonical.com>
24+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/2061667
25+Forwarded: https://lore.kernel.org/autofs/CANYNYEEpJabu=qiQ2VUde6J4HUC9mQSgCGksbLQqGsr1-w5NYg@mail.gmail.com/T/#u
26+Last-Update: 2024-04-17
27+
28+diff --git a/lib/mounts.c b/lib/mounts.c
29+index 05f18dbc..f1c5795b 100644
30+--- a/lib/mounts.c
31++++ b/lib/mounts.c
32+@@ -760,7 +760,7 @@ char *make_options_string(char *path, int pipefd,
33+ /* maybe add ",strictexpire" */
34+ if (flags & MOUNT_FLAG_STRICTEXPIRE) {
35+ new = snprintf(options + len,
36+- max_len, "%s", ",strictexpire");
37++ max_len - len, "%s", ",strictexpire");
38+ if (new < 0)
39+ goto error_out;
40+ len += new;
41+@@ -774,7 +774,7 @@ char *make_options_string(char *path, int pipefd,
42+ /* maybe add ",ignore" */
43+ if (flags & MOUNT_FLAG_IGNORE) {
44+ new = snprintf(options + len,
45+- max_len, "%s", ",ignore");
46++ max_len - len, "%s", ",ignore");
47+ if (new < 0)
48+ goto error_out;
49+ len += new;
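Review bot: in both corrected calls in make_options_string(), the `if (new < 0)` check that follows still does not catch truncation. snprintf() returns the length it would have written, so when `new >= max_len - len` the option is cut short and `len += new` moves len past the space actually used, after which `max_len - len` no longer describes the room left for any later append. Suggest treating `new >= max_len - len` as an error alongside `new < 0` in both places. Separately, the DEP3 Description header spells the function "snprinf()"; it should read "snprintf()".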
50diff --git a/debian/patches/series b/debian/patches/series
51index 6cd3624..673f615 100644
52--- a/debian/patches/series
53+++ b/debian/patches/series
54@@ -12,3 +12,4 @@ spelling-error-fixes.patch
55 fix-lookup-ldap-crash.patch
56 fix-nfs4-mounts-in-auto-net.patch
57 ntlm-crammd5-require-credentials.patch
58+adjust-buffer-size-for-snprintf.patch