From 90fe95e994efe62175959aab95c276898f1ff54c Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Thu, 14 Aug 2008 21:19:34 +0000
Subject: [PATCH] windows-server-dereference-null-20080814 LICENSE MIT protect against a null pointer dereference of a cm_server_t object
---
 src/WINNT/afsd/cm_scache.c | 18 ++++++++++++++----
 src/WINNT/afsd/cm_volume.c | 28 +++++++++++++++-------------
 2 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/src/WINNT/afsd/cm_scache.c b/src/WINNT/afsd/cm_scache.c
index 2179f4491..d95662e8f 100644
--- a/src/WINNT/afsd/cm_scache.c
+++ b/src/WINNT/afsd/cm_scache.c
@@ -1913,6 +1913,7 @@ int cm_DumpSCache(FILE *outputFile, char *cookie, int lock)
 {
 int zilch;
 cm_scache_t *scp;
+ osi_queue_t *q;
 char output[2048];
 int i;
@@ -1932,9 +1933,7 @@ int cm_DumpSCache(FILE *outputFile, char *cookie, int lock)
 WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
 if (scp->fileLocksH) {
- osi_queue_t *q;
-
- sprintf(output, " %s - begin dumping all locks\r\n", cookie);
+ sprintf(output, " %s - begin dumping scp locks\r\n", cookie);
 WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
 for (q = scp->fileLocksH; q; q = osi_QNext(q)) {
@@ -1945,7 +1944,7 @@ int cm_DumpSCache(FILE *outputFile, char *cookie, int lock)
 WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
 }
- sprintf(output, " %s - done dumping all locks\r\n", cookie);
+ sprintf(output, " %s - done dumping scp locks\r\n", cookie);
 WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
 }
 }
@@ -1968,8 +1967,19 @@ int cm_DumpSCache(FILE *outputFile, char *cookie, int lock)
 sprintf(output, "%s - Done dumping cm_data.scacheHashTable\r\n", cookie);
 WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
+ sprintf(output, "%s - begin dumping all file locks\r\n", cookie);
+ WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
+ for (q = cm_allFileLocks; q; q = osi_QNext(q)) {
+ cm_file_lock_t * lockp = (cm_file_lock_t *)q;
+ sprintf(output, "%s filelockp=0x%p scp=0x%p, cm_userp=0x%p offset=0x%I64x len=0x%08I64x type=0x%x key=0x%I64x flags=0x%x update=0x%I64u\r\n",
+ cookie, lockp, lockp->scp, lockp->userp, lockp->range.offset, lockp->range.length,
+ lockp->lockType, lockp->key, lockp->flags, (afs_uint64)lockp->lastUpdate);
+ WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
+ }
+ sprintf(output, "%s - done dumping all file locks\r\n", cookie);
+ WriteFile(outputFile, output, (DWORD)strlen(output), &zilch, NULL);
 if (lock) lock_ReleaseRead(&cm_scacheLock);
diff --git a/src/WINNT/afsd/cm_volume.c b/src/WINNT/afsd/cm_volume.c
index c9d3eb2a5..fa2cef67a 100644
--- a/src/WINNT/afsd/cm_volume.c
+++ b/src/WINNT/afsd/cm_volume.c
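Review bot: The per-lock line added in the `cm_allFileLocks` loop ends with `update=0x%I64u`, which puts a hex prefix in front of a decimal conversion, so the dumped value will be misread; `update=%I64u` (or `0x%I64x`) matches what is actually printed. That `sprintf` also formats the caller-supplied `cookie` into the fixed `char output[2048]` with no length limit, like the calls around it; a bounded formatter such as `StringCbPrintfA(output, sizeof(output), ...)` would keep an oversized cookie from overrunning the stack buffer. The list walk appears to be covered by `cm_scacheLock` only when `lock` is non-zero (the acquire is outside the hunk), so a comment such as `/* cm_allFileLocks is walked without the lock when lock == 0; the dump is best-effort */` would record that assumption once confirmed. cm_DumpSCache starts and ends outside the hunk.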
@@ -1284,21 +1284,23 @@ cm_UpdateVolumeStatusInt(cm_volume_t *volp, struct cm_vol_state *statep)
 lock_ObtainWrite(&cm_serverLock);
 for (tsrp = statep->serversp; tsrp; tsrp=tsrp->next) {
 tsp = tsrp->server;
- cm_GetServerNoLock(tsp);
- if (!(tsp->flags & CM_SERVERFLAG_DOWN)) {
- allDown = 0;
- if (tsrp->status == srv_busy) {
- allOffline = 0;
- someBusy = 1;
- } else if (tsrp->status == srv_offline) {
- allBusy = 0;
- someOffline = 1;
- } else {
- allOffline = 0;
- allBusy = 0;
+ if (tsp) {
+ cm_GetServerNoLock(tsp);
+ if (!(tsp->flags & CM_SERVERFLAG_DOWN)) {
+ allDown = 0;
+ if (tsrp->status == srv_busy) {
+ allOffline = 0;
+ someBusy = 1;
+ } else if (tsrp->status == srv_offline) {
+ allBusy = 0;
+ someOffline = 1;
+ } else {
+ allOffline = 0;
+ allBusy = 0;
+ }
 }
+ cm_PutServerNoLock(tsp);
 }
- cm_PutServerNoLock(tsp);
 }
 lock_ReleaseWrite(&cm_serverLock);
-- 2.39.5
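Review bot: The new `if (tsp)` guard in the `serversp` loop skips a server reference whose `server` pointer is NULL without leaving any trace, so the inconsistent state this commit guards against becomes invisible. A short comment on the guard saying when a reference can have no `cm_server_t`, e.g. `/* tsrp->server may be NULL when <condition>; skip it */`, together with a log line on the skipped branch, would keep that diagnosable. Skipped entries also leave `allDown`, `allBusy` and `allOffline` at whatever they were initialised to above the hunk, so a list made only of NULL entries is classified by those defaults; confirm that this is the intended volume status. cm_UpdateVolumeStatusInt starts and ends outside the hunk.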