]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5886653)
STABLE14-windows-winqual-20060206
authorJeffrey Altman <jaltman@secure-endpoints.com>
Mon, 6 Feb 2006 07:07:08 +0000 (07:07 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Mon, 6 Feb 2006 07:07:08 +0000 (07:07 +0000)
Fix two bugs reported via Windows Crash Reporting:

 * Freelance initialization is somehow broken allowing the number of
   locally defined mountpoints to become negative.  Due to the use of
   != instead of < in loops, it is possible to read/write unallocated
   memory.

 * GetTextualSid() was not properly handling a NULL output buffer
   pointer as an indication that the desired size should be returned.

(cherry picked from commit 77de32ed745d912e35990c5602b4a69a1b654973)

src/WINNT/afsd/cm_freelance.c patch | blob | history
src/WINNT/afsd/cm_memmap.c patch | blob | history

diff --git a/src/WINNT/afsd/cm_freelance.c b/src/WINNT/afsd/cm_freelance.c
index e539a35174850e5895403afeb89a5ce12e91c585..7f4ffadaeed8be7185c1ef9bd273a9fcc5135fa0 100644 (file)
--- a/src/WINNT/afsd/cm_freelance.c
+++ b/src/WINNT/afsd/cm_freelance.c
@@ -217,7 +217,7 @@ void cm_InitFakeRootDir() {
     /* Reserve 2 directory chunks for "." and ".." */
     curChunk += 2;
 
-    while (curDirEntry!=cm_noLocalMountPoints) {
+    while (curDirEntry<cm_noLocalMountPoints) {
         sizeOfCurEntry = cm_NameEntries((cm_localMountPoints+curDirEntry)->namep, 0);
         if ((curChunk + sizeOfCurEntry >= CPP) ||
              (curDirEntryInPage + 1 >= CM_DIR_EPP)) {
@@ -282,7 +282,7 @@ void cm_InitFakeRootDir() {
     // 2. we have less than CM_DIR_EPP entries in page 0
     // 3. we're not out of chunks in page 0
 
-    while( (curDirEntry!=cm_noLocalMountPoints) && 
+    while( (curDirEntry<cm_noLocalMountPoints) && 
            (curDirEntryInPage < CM_DIR_EPP) &&
            (curChunk + cm_NameEntries((cm_localMountPoints+curDirEntry)->namep, 0) <= CPP)) 
     {       
@@ -311,7 +311,7 @@ void cm_InitFakeRootDir() {
     curPage++;
 
     // ok, page 0's done. Move on to the next page.
-    while (curDirEntry!=cm_noLocalMountPoints) {
+    while (curDirEntry<cm_noLocalMountPoints) {
         // setup a new page
         curChunk = 1;                  // the zeroth chunk is reserved for page header
         curDirEntryInPage = 0; 
@@ -323,7 +323,7 @@ void cm_InitFakeRootDir() {
         fakePageHeader.tag = htons(1234);
 
         // while we're on the same page...
-        while ( (curDirEntry!=cm_noLocalMountPoints) &&
+        while ( (curDirEntry<cm_noLocalMountPoints) &&
                 (curDirEntryInPage < CM_DIR_EPP) &&
                 (curChunk + cm_NameEntries((cm_localMountPoints+curDirEntry)->namep, 0) <= CPP))
         {
diff --git a/src/WINNT/afsd/cm_memmap.c b/src/WINNT/afsd/cm_memmap.c
index a9ad74feeebc0ff4e344344c1e1c84c4f385b9d7..c7f8d72337ed6473206992dca8b381f4cc884ec4 100644 (file)
--- a/src/WINNT/afsd/cm_memmap.c
+++ b/src/WINNT/afsd/cm_memmap.c
@@ -474,7 +474,7 @@ BOOL GetTextualSid( PSID pSid, PBYTE TextualSid, LPDWORD lpdwBufferLen )
     // Check input buffer length.
     // If too small, indicate the proper size and set the last error.
 
-    if (*lpdwBufferLen < dwSidSize)
+    if (TextualSid == NULL || *lpdwBufferLen < dwSidSize)
     {
         *lpdwBufferLen = dwSidSize;
         SetLastError(ERROR_INSUFFICIENT_BUFFER);