From: Antoine Verheijen Date: Mon, 8 Feb 2010 23:01:46 +0000 (-0700) Subject: Fix segmentation fault in vsu_GetVolumeID X-Git-Tag: openafs-devel-1_5_72~32 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=4221d7acc8595a052dbc5fbb4366050c00d6ef37;p=packages%2Fo%2Fopenafs.git Fix segmentation fault in vsu_GetVolumeID When determining the volume type of a volume, vsu_GetVolumeID() checks to see if the volume name ends in '.backup' or '.readonly' by backing up the appropriate number of characters from the end of the name. It does not, however, check to see if it skips past the beginning of the volume name. This can result in a segmentation fault (which it has for me on many occasions during a vos release) depending on where memory is allocated or how/if memory is protected. This patch corrects this behaviour by checking the volume name string length prior to doing the string comparison. Change-Id: Ia27fcac76b86ae2707663caa6bff365a4e8dd0da Reviewed-on: http://gerrit.openafs.org/1269 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- diff --git a/src/volser/vsutils.c b/src/volser/vsutils.c index 54ad1291e..6af0b7ce4 100644 --- a/src/volser/vsutils.c +++ b/src/volser/vsutils.c @@ -449,9 +449,9 @@ vsu_GetVolumeID(char *astring, struct ubik_client *acstruct, afs_int32 *errp) vsu_ExtractName(volname, astring); vcode = VLDB_GetEntryByName(volname, &entry); if (!vcode) { - if (!strcmp(&astring[total - 9], ".readonly")) + if ((total >= 9) && (!strcmp(&astring[total - 9], ".readonly"))) return entry.volumeId[ROVOL]; - else if ((!strcmp(&astring[total - 7], ".backup"))) + else if ((total >= 7) && (!strcmp(&astring[total - 7], ".backup"))) return entry.volumeId[BACKVOL]; else return (entry.volumeId[RWVOL]);
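Review bot: The two new guards in the `if (!vcode)` branch hard-code the lengths 9 and 7 beside the literals ".readonly" and ".backup", so each suffix length now appears twice per test and must be kept in sync with its string by hand. Consider deriving the length from the literal, for example `sizeof(".readonly") - 1`, or moving the comparison into a small suffix-match helper that takes the string, its length and the suffix and performs the length check itself, so the bound check cannot be left out or mistyped at a later call site. The declaration and assignment of `total` fall outside the visible context; it is worth confirming that it holds the length of `astring` (the buffer being indexed) rather than of the extracted `volname`, and noting its signedness, since `total - 9` is only safe to evaluate once the `total >= 9` test has passed. A one-line comment saying that the guard prevents indexing before the start of the name would document why the check is there.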