avoid leaking stat info

if a file is already CStatd we just copy out the information without doing
access checks. add an access check.

Reviewed-on: http://gerrit.openafs.org/995
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 6ec18461649d3e4f44b2476f886bcc480c456500)

Change-Id: I4a66c9e4229da464592c1dad94854261e5daa30d
Reviewed-on: http://gerrit.openafs.org/1076
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c
index a26f5dbaa07f9601b6f8e52fd62634a1251a417b..2e96a00b84c5b28c536c3de8dc7c7eea1d2a0973 100644 (file)
--- a/src/afs/VNOPS/afs_vnop_attrs.c
+++ b/src/afs/VNOPS/afs_vnop_attrs.c
@@ -188,7 +188,6 @@ afs_getattr(OSI_VC_DECL(avc), struct vattr *attrs, struct AFS_UCRED *acred)
     struct vrequest treq;
     extern struct unixuser *afs_FindUser();
     struct unixuser *au;
-    int inited = 0;
     OSI_VC_CONVERT(avc);
 
     AFS_STATCNT(afs_getattr);
@@ -212,15 +211,23 @@ afs_getattr(OSI_VC_DECL(avc), struct vattr *attrs, struct AFS_UCRED *acred)
        afs_PutFakeStat(&fakestat);
        return code;
     }
+
+#if defined(AFS_SUN5_ENV) || defined(AFS_DARWIN_ENV) && !defined(AFS_DARWIN80_ENV)
 #if defined(AFS_SUN5_ENV)
-    if (flags & ATTR_HINT) {
-       code = afs_CopyOutAttrs(avc, attrs);
-       return code;
-    }
+       if (flags & ATTR_HINT)
+#else
+       if (avc->states & CUBCinit)
 #endif
-#if defined(AFS_DARWIN_ENV) && !defined(AFS_DARWIN80_ENV)
-    if (avc->states & CUBCinit) {
-       code = afs_CopyOutAttrs(avc, attrs);
+    {
+       if (!(code = afs_InitReq(&treq, acred))) {
+           if (vType(avc) != VDIR && vType(avc) != VLNK
+               !afs_AccessOK(avc, PRSFS_READ, &treq, DONT_CHECK_MODE_BITS)) {
+
+               code = EACCES;
+           }
+           if (!code)
+               code = afs_CopyOutAttrs(avc, attrs);
+       }
        return code;
     }
 #endif
@@ -232,13 +239,11 @@ afs_getattr(OSI_VC_DECL(avc), struct vattr *attrs, struct AFS_UCRED *acred)
     if (afs_shuttingdown)
        return EIO;
 
-    if (!(avc->states & CStatd)) {
-       if (!(code = afs_InitReq(&treq, acred))) {
-           code = afs_VerifyVCache2(avc, &treq);
-           inited = 1;
-       }
-    } else
-       code = 0;
+    code = afs_InitReq(&treq, acred);
+
+    if (code == 0 && !(avc->states & CStatd)) {
+       code = afs_VerifyVCache2(avc, &treq);
+    }
 
 #ifdef AFS_BOZONLOCK_ENV
     if (code == 0)
@@ -246,17 +251,17 @@ afs_getattr(OSI_VC_DECL(avc), struct vattr *attrs, struct AFS_UCRED *acred)
     afs_BozonUnlock(&avc->pvnLock, avc);
 #endif
 
+    if (code == 0 && vType(avc) != VDIR && vType(avc) != VLNK &&
+        !afs_AccessOK(avc, PRSFS_READ, &treq, DONT_CHECK_MODE_BITS)) {
+
+       code = EACCES;
+    }
 
     if (code == 0) {
        osi_FlushText(avc);     /* only needed to flush text if text locked last time */
        code = afs_CopyOutAttrs(avc, attrs);
 
        if (afs_nfsexporter) {
-           if (!inited) {
-               if ((code = afs_InitReq(&treq, acred)))
-                   return code;
-               inited = 1;
-           }
            if (AFS_NFSXLATORREQ(acred)) {
                if ((vType(avc) != VDIR)
                    && !afs_AccessOK(avc, PRSFS_READ, &treq,