From 7efd78539066bedeeb3b579a613d587d8aa6e623 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Wed, 4 Sep 2013 13:11:24 -0400
Subject: [PATCH] Windows: AFSCreate avoid race leading to NULL dereference

If a test for NULL is performed ahead of an assignment and then use of the assigned value, there is a race which can result in the assigned value being NULL if the value being assigned is altered by another thread. Perform the assignment first then test based upon that.

Change-Id: I6d50619dab168c2aa12542b14217779f1be08ee9
Reviewed-on: http://gerrit.openafs.org/10296
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
---
 src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp b/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp
index 3df564616..4254a7e08 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp
@@ -4128,13 +4128,15 @@ AFSOpenSpecialShareFcb( IN PIRP Irp,
 pParentObjectInfo = AFSFindObjectInfo( pObjectInfo->VolumeCB,
 &pObjectInfo->ParentFileId,
- TRUE);
- }
+ TRUE);
+ }
- if( DirectoryCB->ObjectInformation->Fcb == NULL)
- {
+ *Fcb = pObjectInfo->Fcb;
- //
+ if( *Fcb == NULL)
+ {
+
+ //
 // Allocate and initialize the Fcb for the file.
 //
@@ -4165,8 +4167,6 @@ AFSOpenSpecialShareFcb( IN PIRP Irp,
 else
 {
- *Fcb = pObjectInfo->Fcb;
-
 AFSAcquireExcl( &(*Fcb)->NPFcb->Resource,
 TRUE);
 }
-- 
2.39.5
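Review bot: Taking one snapshot with `*Fcb = pObjectInfo->Fcb;` removes the NULL dereference, but nothing visible in this hunk keeps the object alive between that read and the `AFSAcquireExcl( &(*Fcb)->NPFcb->Resource, TRUE);` in the else branch of the second hunk. If the concurrent writer that can set the field to NULL also tears down the Fcb, the snapshot would be a stale non-NULL pointer and the acquire would touch freed memory. Whether a lock or reference held by the caller rules that out cannot be seen from here, since AFSOpenSpecialShareFcb starts and ends outside both hunks. I would record the guarantee in a comment above the assignment, e.g. `// Snapshot once; <lock or reference that keeps pObjectInfo->Fcb valid> is held by <holder>`. Because the field is read with a plain load, also consider a `volatile`-qualified or interlocked read, so the compiler cannot legally re-load it after the test.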