autofs-5.1.6 - fix quoted string length calc in expandsunent() From: Ian Kent The expandsunent() function in modules/parse_sun.c fails to properly handle the ending " in a quoted string causing the length calculation to not account for the ending quote and also doesn't properly account for the remainder of the string being expanded. Also, when called again (after being called to get the length) the allocated buffer is too small leading to out of bounds accesses. Signed-off-by: Ian Kent --- CHANGELOG | 1 + modules/parse_sun.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 2c500a48..90f67336 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -9,6 +9,7 @@ xx/xx/2020 autofs-5.1.7 - remove intr hosts map mount option. - fix trailing dollar sun entry expansion. - initialize struct addrinfo for getaddrinfo() calls. +- fix quoted string length calc in expandsunent(). 07/10/2019 autofs-5.1.6 - support strictexpire mount option. diff --git a/modules/parse_sun.c b/modules/parse_sun.c index f6c22d15..80fdf476 100644 --- a/modules/parse_sun.c +++ b/modules/parse_sun.c @@ -213,9 +213,11 @@ int expandsunent(const char *src, char *dst, const char *key, *dst++ = *src; src++; } - if (*src && dst) { + if (*src) { len++; - *dst++ = *src++; + if (dst) + *dst++ = *src; + src++; } break;
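Review bot: In the modules/parse_sun.c hunk, the new `if (*src) {` block has no comment saying why `len++` and `src++` are now unconditional while only the store is under `if (dst)`. The sizing call (dst NULL) and the copy call must consume the same input and count the same bytes, otherwise the buffer allocated from the first call is too small for the second, as the commit message describes. A short comment above the block stating that invariant would make it harder to reintroduce the mismatch. The unchanged context line `*dst++ = *src;` just above the block also writes through dst, and its guard lies outside the visible lines, so it is worth confirming that the loop it belongs to is likewise safe when dst is NULL. When `*src` is NUL at this point (an unterminated quote), the block is skipped and control reaches `break;` with src still on the terminator. That looks intended, but the visible lines do not show how the caller's loop handles it. A regression case with a quoted string followed by further text to expand would pin the length returned by the first call to the bytes written by the second.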