autofs-5.1.7 - add copy length check in umount_autofs_indirect()

From: Ian Kent <raven@themaw.net>

Add a source length check before copying to a work buffer in
umount_autofs_indirect().

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG         |    1 +
 daemon/indirect.c |   13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 5fdb4c0a..be0b9d85 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -84,6 +84,7 @@
 - fix use of possibly NULL var in lookup_program.c:match_key().
 - fix incorrect print format specifiers in get_pkt().
 - add mapent path length check in handle_packet_expire_direct().
+- add copy length check in umount_autofs_indirect().
 
 25/01/2021 autofs-5.1.7
 - make bind mounts propagation slave by default.
diff --git a/daemon/indirect.c b/daemon/indirect.c
index 9f2ca6a0..b73c2781 100644
--- a/daemon/indirect.c
+++ b/daemon/indirect.c
@@ -238,10 +238,19 @@ int umount_autofs_indirect(struct autofs_point *ap, const char *root)
 	int rv, retries;
 	unsigned int unused;
 
-	if (root)
+	if (root) {
+		if (strlen(root) > PATH_MAX) {
+			error(ap->logopt, "mountpoint path too long");
+			return 1;
+		}
 		strcpy(mountpoint, root);
-	else
+	} else {
+		if (ap->len > PATH_MAX) {
+			error(ap->logopt, "mountpoint path too long");
+			return 1;
+		}
 		strcpy(mountpoint, ap->path);
+	}
 
 	/* If we are trying to shutdown make sure we can umount */
 	rv = ops->askumount(ap->logopt, ap->ioctlfd, &unused);
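Review bot: Both new guards compare against `PATH_MAX`, but `mountpoint` is declared above the hunk, so the checks are only sufficient if that buffer holds at least `PATH_MAX + 1` bytes. Tying the bound to the destination, e.g. `if (strlen(root) >= sizeof(mountpoint))`, would keep it correct if the declaration ever changes (this assumes `mountpoint` is a local array, which is not visible here). The else branch tests the cached `ap->len` while `strcpy()` copies `ap->path`; if the two can ever disagree the copy is still unbounded, so `if (strlen(ap->path) >= sizeof(mountpoint))` is the safer test. The body of umount_autofs_indirect() starts before and continues past this hunk.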