ubik: Avoid unlinking garbage

If SDISK_SendFail fails before the pathname to the temporary file
has been constructed, then the failure handler will unlink stack
garbage, with variable results.

Initialise the string, and check to see if it has contents before
calling unlink

Change-Id: I1de898d5f0f0dc608e9c9c62dc66e6b4b9fdc5bf
Reviewed-on: http://gerrit.openafs.org/9299
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/ubik/remote.c b/src/ubik/remote.c
index 44917e2ac4c6300041cbfe95ab4bc844111bf635..37d938411a55fda0df963eb374796c681690354c 100644 (file)
--- a/src/ubik/remote.c
+++ b/src/ubik/remote.c
@@ -455,6 +455,7 @@ SDISK_SendFile(struct rx_call *rxcall, afs_int32 file,
     /* send the file back to the requester */
 
     dbase = ubik_dbase;
+    pbuffer[0] = '\0';
 
     if ((code = ubik_CheckAuth(rxcall))) {
        DBHOLD(dbase);
@@ -576,7 +577,9 @@ failed_locked:
 
 failed:
     if (code) {
-       unlink(pbuffer);
+       if (pbuffer[0] != '\0')
+           unlink(pbuffer);
+
        /* Failed to sync. Allow reads again for now. */
        if (dbase != NULL) {
            UBIK_VERSION_LOCK;