From ec38f9ed3236005114292f08d1c77891aa3a36d3 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Fri, 14 Oct 2005 04:25:04 +0000 Subject: [PATCH] windows-locking-init-req-20051013 two cm_InitReq() calls were in the wrong place opening the possibility for stack corruption --- src/WINNT/afsd/cm_vnodeops.c | 8 ++++---- src/WINNT/afsd/smb.c | 12 +----------- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/src/WINNT/afsd/cm_vnodeops.c b/src/WINNT/afsd/cm_vnodeops.c index 707c9aaac..caee462e7 100644 --- a/src/WINNT/afsd/cm_vnodeops.c +++ b/src/WINNT/afsd/cm_vnodeops.c @@ -4122,6 +4122,8 @@ void cm_CheckLocks() struct rx_connection * callp; cm_scache_t * scp; + cm_InitReq(&req); + lock_ObtainWrite(&cm_scacheLock); cm_lockRefreshCycle++; @@ -4195,8 +4197,6 @@ void cm_CheckLocks() cm_fid_t cfid; cm_user_t * userp; - cm_InitReq(&req); - tfid.Volume = scp->fid.volume; tfid.Vnode = scp->fid.vnode; tfid.Unique = scp->fid.unique; @@ -4292,6 +4292,8 @@ long cm_RetryLock(cm_file_lock_t *oldFileLock, int client_is_dead) struct rx_connection * callp; int newLock = -1; + cm_InitReq(&req); + if (client_is_dead) { code = CM_ERROR_TIMEDOUT; goto handleCode; @@ -4414,8 +4416,6 @@ long cm_RetryLock(cm_file_lock_t *oldFileLock, int client_is_dead) cm_fid_t cfid; cm_user_t * userp; - cm_InitReq(&req); - code = cm_SyncOp(scp, NULL, oldFileLock->userp, &req, 0, CM_SCACHESYNC_NEEDCALLBACK | CM_SCACHESYNC_GETSTATUS diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c index 7f62f59c5..80bdaf459 100644 --- a/src/WINNT/afsd/smb.c +++ b/src/WINNT/afsd/smb.c 
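Review bot: In cm_CheckLocks() (src/WINNT/afsd/cm_vnodeops.c, hunk at 4122) `req` is now initialised only once, before `lock_ObtainWrite(&cm_scacheLock)`, because the hunk at 4195 removes the call from the inner block. If that inner block runs once per lock entry (the enclosing loop is not visible in these hunks) and the request structure carries per-call state such as a start time or retry flags, later entries would inherit whatever earlier ones left in it. Keeping the new top-of-function call and also leaving `cm_InitReq(&req);` at the head of the inner block would close the uninitialised-use window without sharing state between entries. The function body starts and ends outside both hunks.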
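Review bot: In cm_RetryLock() (hunk at 4292) the fix depends on `cm_InitReq(&req);` sitting above the `client_is_dead` check and its `goto handleCode`, but nothing in the code records that. The code under `handleCode` is outside the hunk, so this is presumably where an uninitialised `req` could be reached before the change. A comment on the new line would stop a later edit from moving the call back down, for example `/* Initialise req before the first goto handleCode: every later path may hand &req to a callee. */`. The matching removal is the hunk at 4414.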
@@ -4839,17 +4839,6 @@ smb_Rename(smb_vc_t *vcp, smb_packet_t *inp, char * oldPathp, char * newPathp, i spacep = inp->spacep; smb_StripLastComponent(spacep->data, &oldLastNamep, oldPathp); - /* - * Changed to use CASEFOLD always. This enables us to rename Foo/baz when - * what actually exists is foo/baz. I don't know why the code used to be - * the way it was. 1/29/96 - * - * caseFold = ((vcp->flags & SMB_VCFLAG_USEV3) ? 0: CM_FLAG_CASEFOLD); - * - * Changed to use CM_FLAG_FOLLOW. 7/24/96 - * - * caseFold = CM_FLAG_CASEFOLD; - */ caseFold = CM_FLAG_FOLLOW | CM_FLAG_CASEFOLD; code = cm_NameI(cm_data.rootSCachep, spacep->data, caseFold, userp, tidPathp, &req, &oldDscp); @@ -4962,6 +4951,7 @@ smb_Rename(smb_vc_t *vcp, smb_packet_t *inp, char * oldPathp, char * newPathp, i thyper.HighPart = 0; code = cm_ApplyDir(oldDscp, smb_RenameProc, &rock, &thyper, userp, &req, NULL); + osi_Log1(smb_logp, "smb_RenameProc returns %ld", code); if (code == CM_ERROR_STOPNOW) code = 0; -- 2.39.5
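Review bot: The added trace in smb_Rename() (hunk at 4962) labels the value as coming from smb_RenameProc, but `code` is the return of `cm_ApplyDir(...)`. That value may also be an error raised by cm_ApplyDir itself before or between callback invocations, so the log line can misattribute a failure when someone reads it during diagnosis. Wording such as `osi_Log1(smb_logp, "smb_Rename cm_ApplyDir(smb_RenameProc) returns %ld", code);` keeps the source unambiguous. Logging before the `CM_ERROR_STOPNOW` normalisation is the right place, since it preserves the raw code. The declaration of `code` is outside the hunk, so confirm it is a `long` to match `%ld`.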