1 files changed, 49 insertions, 0 deletions

diff --git a/meta-networking/recipes-daemons/autofs/autofs-5.0.7/autofs-5.0.7-fix-use-cache-entry-after-free-mistake.patch b/meta-networking/recipes-daemons/autofs/autofs-5.0.7/autofs-5.0.7-fix-use-cache-entry-after-free-mistake.patch
new file mode 100644
index 0000000000..a469c16868
--- /dev/null
+++ b/meta-networking/recipes-daemons/autofs/autofs-5.0.7/autofs-5.0.7-fix-use-cache-entry-after-free-mistake.patch
@@ -0,0 +1,49 @@
+autofs-5.0.7 - fix use cache entry after free mistake
+
+From: Ian Kent <ikent@redhat.com>
+
+Fix an obvious use after free mistake in lookup_prune_one_cache().
+---
+
+ CHANGELOG       |    1 +
+ daemon/lookup.c |    7 +++++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+
+diff --git a/CHANGELOG b/CHANGELOG
+index faf4c80..dc38580 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,6 +1,7 @@
+ ??/??/2012 autofs-5.0.8
+ =======================
+ - fix nobind sun escaped map entries.
++- fix use cache entry after free in lookup_prune_one_cache().
+ 
+ 25/07/2012 autofs-5.0.7
+ =======================
+diff --git a/daemon/lookup.c b/daemon/lookup.c
+index 7909536..e3d9536 100644
+--- a/daemon/lookup.c
++++ b/daemon/lookup.c
+@@ -1103,15 +1103,18 @@ void lookup_prune_one_cache(struct autofs_point *ap, struct mapent_cache *mc, ti
+ 		if (valid)
+ 			cache_delete(mc, key);
+ 		else if (!is_mounted(_PROC_MOUNTS, path, MNTS_AUTOFS)) {
++			dev_t devid = ap->dev;
+ 			status = CHE_FAIL;
++			if (ap->type == LKP_DIRECT)
++				devid = this->dev;
+ 			if (this->ioctlfd == -1)
+ 				status = cache_delete(mc, key);
+ 			if (status != CHE_FAIL) {
+ 				if (ap->type == LKP_INDIRECT) {
+ 					if (ap->flags & MOUNT_FLAG_GHOST)
+-						rmdir_path(ap, path, ap->dev);
++						rmdir_path(ap, path, devid);
+ 				} else
+-					rmdir_path(ap, path, this->dev);
++					rmdir_path(ap, path, devid);
+ 			}
+ 		}
+ 		cache_unlock(mc);