autofs-5.1.8 - fix unterminated read in handle_cmd_pipe_fifo_message()

From: Ian Kent <raven@themaw.net>

As Coverity points out the buffer in handle_cmd_pipe_fifo_message()
could be overflowed and end up not terminated so fix it.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG          |    1 +
 daemon/automount.c |    7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1eab3d53..b18921ef 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -70,6 +70,7 @@
 - switch to application wide command pipe.
 - get rid of unused field submnt_count.
 - fix mount tree startup reconnect.
+- fix unterminated read in handle_cmd_pipe_fifo_message().
 
 19/10/2021 autofs-5.1.8
 - add xdr_exports().
diff --git a/daemon/automount.c b/daemon/automount.c
index 0e43e942..4fefb870 100644
--- a/daemon/automount.c
+++ b/daemon/automount.c
@@ -1452,7 +1452,6 @@ static void handle_cmd_pipe_fifo_message(int fd)
 	int ret;
 	long pri;
 
-	memset(buffer, 0, sizeof(buffer));
 	ret = read(fd, &buffer, sizeof(buffer));
 	if (ret < 0) {
 		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
@@ -1460,6 +1459,12 @@ static void handle_cmd_pipe_fifo_message(int fd)
 		     "read on command pipe returned error: %s", estr);
 		return;
 	}
+	if (ret >= sizeof(buffer)) {
+		error(LOGOPT_ANY,
+		      "read overrun on command pipe message");
+		return;
+	}
+	buffer[ret] = 0;
 
 	sep = strrchr(buffer, ' ');
 	if (!sep) {