File autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch of Package autofs.23455

From 22727b10a9e6d619471998d807b2be3d2fd851a3 Mon Sep 17 00:00:00 2001
From: Ian Kent <raven@themaw.net>
Date: Tue, 2 Jun 2020 13:06:36 +0800
Subject: [PATCH] autofs-5.1.6 - fix quoted string length calc in
 expandsunent()

The expandsunent() function in modules/parse_sun.c fails to properly
handle the ending " in a quoted string causing the length calculation
to not account for the ending quote and also doesn't properly account
for the remainder of the string being expanded.

Also, when called again (after being called to get the length) the
allocated buffer is too small leading to out of bounds accesses.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 modules/parse_sun.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/modules/parse_sun.c
+++ b/modules/parse_sun.c
@@ -201,9 +201,11 @@ int expandsunent(const char *src, char *
 					*dst++ = *src;
 				src++;
 			}
-			if (*src && dst) {
+			if (*src) {
 				len++;
-				*dst++ = *src++;
+				if (dst)
+					*dst++ = *src;
+				src++;
 			}
 			break;