From: Jeffrey Altman Date: Wed, 4 Sep 2013 17:11:24 +0000 (-0400) Subject: Windows: AFSCreate avoid race leading to NULL dereference X-Git-Tag: upstream/1.8.0_pre1^2~993 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=7efd78539066bedeeb3b579a613d587d8aa6e623;p=packages%2Fo%2Fopenafs.git Windows: AFSCreate avoid race leading to NULL dereference If a test for NULL is performed ahead of an assignment and then use of the assigned value, there is a race which can result in the assigned value being NULL if the value being assigned is altered by another thread. Perform the assignment first then test based upon that. Change-Id: I6d50619dab168c2aa12542b14217779f1be08ee9 Reviewed-on: http://gerrit.openafs.org/10296 Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- diff --git a/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp b/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp index 3df564616..4254a7e08 100644 --- a/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp +++ b/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp @@ -4128,13 +4128,15 @@ AFSOpenSpecialShareFcb( IN PIRP Irp, pParentObjectInfo = AFSFindObjectInfo( pObjectInfo->VolumeCB, &pObjectInfo->ParentFileId, - TRUE); - } + TRUE); + } - if( DirectoryCB->ObjectInformation->Fcb == NULL) - { + *Fcb = pObjectInfo->Fcb; - // + if( *Fcb == NULL) + { + + // // Allocate and initialize the Fcb for the file. // @@ -4165,8 +4167,6 @@ AFSOpenSpecialShareFcb( IN PIRP Irp, else { - *Fcb = pObjectInfo->Fcb; - AFSAcquireExcl( &(*Fcb)->NPFcb->Resource, TRUE); }
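Review bot: In the first hunk the NULL test now reads `pObjectInfo->Fcb` where the old code tested `DirectoryCB->ObjectInformation->Fcb`; nothing in the hunk or the commit message says these refer to the same object, so either confirm they are identical at this point or call out the switch explicitly in the commit message. The hunk also shows no lock taken before `*Fcb = pObjectInfo->Fcb;`, so the snapshot fixes the NULL dereference but does not by itself prevent two threads from both seeing NULL and both entering the "Allocate and initialize the Fcb" path; a one-line comment naming what serialises that allocation would make the fix reviewable without reading the rest of the function. Finally, the `TRUE);` / `}` lines are whitespace-only re-indentation and would be better left out of a race-fix commit.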
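Review bot: In the second hunk the else branch now uses the `*Fcb` captured earlier and goes straight to `AFSAcquireExcl( &(*Fcb)->NPFcb->Resource, TRUE);`, yet nothing visible in the hunk takes a reference on that Fcb between the snapshot and the acquire; if the same concurrent modification that motivates this change can also release the Fcb, the snapshot trades a NULL dereference for a use-after-free. Please state (in the commit message or a comment at the acquire) what keeps the Fcb alive across that window.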