From: Jeffrey Altman Date: Tue, 14 Jul 2009 21:49:00 +0000 (-0400) Subject: Prevent crash on Windows when data version goes backwards X-Git-Tag: openafs-devel-1_5_61~116 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=d9445f505ad0fc5a993d954a2d6654785c140351;p=packages%2Fo%2Fopenafs.git Prevent crash on Windows when data version goes backwards Within cm_MergeStatus() cm_FindVolumeByID() was called with a NULL pointer instead of a valid cm_req_t object pointer in the case where the data version for an object received from the file server is smaller than the value already stored in the cache. This results in a NULL pointer dereference. Allocate a cm_req_t object on the stack and initialize it before calling cm_FindVolumeByID() in this case. LICENSE MIT Reviewed-on: http://gerrit.openafs.org/83 Verified-by: Jeffrey Altman Reviewed-by: Jeffrey Altman --- diff --git a/src/WINNT/afsd/cm_scache.c b/src/WINNT/afsd/cm_scache.c index 84eb8664e..d03052b14 100644 --- a/src/WINNT/afsd/cm_scache.c +++ b/src/WINNT/afsd/cm_scache.c @@ -1576,9 +1576,12 @@ void cm_MergeStatus(cm_scache_t *dscp, cellp = cm_FindCellByID(scp->fid.cell, 0); if (scp->cbServerp) { struct cm_volume *volp = NULL; + cm_req_t req; + + cm_InitReq(&req); cm_FindVolumeByID(cellp, scp->fid.volume, userp, - (cm_req_t *) NULL, CM_GETVOL_FLAG_CREATE, &volp); + &req, CM_GETVOL_FLAG_CREATE, &volp); osi_Log2(afsd_logp, "old data from server %x volume %s", scp->cbServerp->addr.sin_addr.s_addr, volp ? volp->namep : "(unknown)");
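Review bot: In the `if (scp->cbServerp)` block, the result of cm_FindVolumeByID() is still not checked after the switch to `&req`, so a failed lookup shows up only through the `volp ? volp->namep : "(unknown)"` fallback in the osi_Log2() call; consider capturing the return value and logging it, so that a lookup failure can be told apart from a volume that has no name to report. In the same block, `cellp` from `cm_FindCellByID(scp->fid.cell, 0)` is passed straight into cm_FindVolumeByID() with no NULL check in the visible lines. Since this change exists to fix a NULL dereference in that very call, it is worth confirming that the callee tolerates a NULL cell pointer, or guarding the call. A one-line comment above `cm_InitReq(&req);` stating that cm_FindVolumeByID() needs a valid, initialized cm_req_t would help keep the NULL argument from being reintroduced later.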