windows-afsd-minor-20050330
authorJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 31 Mar 2005 07:05:21 +0000 (07:05 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 31 Mar 2005 07:05:21 +0000 (07:05 +0000)
Add bounds checking to the comparison of fid->vnode and cm_localMountPoints
when Freelance mode is used.

Fix typo in DJGPP section of smb.c

Use rx_connection * instead of rx_call * in previous fix to cm_dcache.c

src/WINNT/afsd/cm_dcache.c
src/WINNT/afsd/cm_scache.c
src/WINNT/afsd/cm_vnodeops.c
src/WINNT/afsd/smb.c

index de221e4..8d347f6 100644 (file)
@@ -55,7 +55,8 @@ long cm_BufWrite(void *vfidp, osi_hyper_t *offsetp, long length, long flags,
     osi_hyper_t thyper;
     AFSVolSync volSync;
     AFSFid tfid;
-    struct rx_call *oldCallp, *callp;
+    struct rx_call *callp;
+    struct rx_connection *rxconnp;
     osi_queueData_t *qdp;
     cm_buf_t *bufp;
     long wbytes;
@@ -129,9 +130,9 @@ long cm_BufWrite(void *vfidp, osi_hyper_t *offsetp, long length, long flags,
         if (code) 
             continue;
                
-        oldCallp = cm_GetRxConn(connp);
-        callp = rx_NewCall(oldCallp);
-        rx_PutConnection(oldCallp);
+        rxconnp = cm_GetRxConn(connp);
+        callp = rx_NewCall(rxconnp);
+        rx_PutConnection(rxconnp);
 
         osi_Log3(afsd_logp, "CALL StoreData scp 0x%x, off 0x%x, size 0x%x",
                  (long) scp, biod.offset.LowPart, nbytes);
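Review bot: The reference obtained from `cm_GetRxConn(connp)` is dropped by `rx_PutConnection(rxconnp)` on the line right after `rx_NewCall(rxconnp)`, while `callp` is still used for the StoreData RPC that follows. Nothing visible in the hunk shows that the new call keeps its connection alive on its own. If rx guarantees that, a comment such as `/* the rx_call pins its connection; our reference can be released now */` would record why the early release is safe; if it does not, the put belongs after the call has ended. The same three-line sequence appears in the cm_StoreMini and cm_GetBuffer hunks below, and cm_BufWrite continues outside this hunk.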
@@ -238,7 +239,8 @@ long cm_StoreMini(cm_scache_t *scp, cm_user_t *userp, cm_req_t *reqp)
     long code;
     long truncPos;
     cm_conn_t *connp;
-    struct rx_call *oldCallp, *callp;
+    struct rx_call *callp;
+    struct rx_connection *rxconnp;
 
     /* Serialize StoreData RPC's; for rationale see cm_scache.c */
     (void) cm_SyncOp(scp, NULL, userp, reqp, 0,
@@ -266,9 +268,9 @@ long cm_StoreMini(cm_scache_t *scp, cm_user_t *userp, cm_req_t *reqp)
         if (code) 
             continue;
                
-        oldCallp = cm_GetRxConn(connp);
-        callp = rx_NewCall(oldCallp);
-        rx_PutConnection(oldCallp);
+        rxconnp = cm_GetRxConn(connp);
+        callp = rx_NewCall(rxconnp);
+        rx_PutConnection(rxconnp);
 
         code = StartRXAFS_StoreData(callp, &tfid, &inStatus,
                                     0, 0, truncPos);
@@ -1120,7 +1122,8 @@ long cm_GetBuffer(cm_scache_t *scp, cm_buf_t *bufp, int *cpffp, cm_user_t *up,
     cm_buf_t *tbufp;           /* buf we're filling */
     osi_queueData_t *qdp;              /* q element we're scanning */
     AFSFid tfid;
-    struct rx_call *oldCallp, *callp;
+    struct rx_call *callp;
+    struct rx_connection *rxconnp;
     cm_bulkIO_t biod;          /* bulk IO descriptor */
     cm_conn_t *connp;
     int getroot;
@@ -1252,9 +1255,9 @@ long cm_GetBuffer(cm_scache_t *scp, cm_buf_t *bufp, int *cpffp, cm_user_t *up,
         if (code) 
             continue;
        
-        oldCallp = cm_GetRxConn(connp);
-        callp = rx_NewCall(oldCallp);
-        rx_PutConnection(oldCallp);
+        rxconnp = cm_GetRxConn(connp);
+        callp = rx_NewCall(rxconnp);
+        rx_PutConnection(rxconnp);
 
         osi_Log3(afsd_logp, "CALL FetchData vp %x, off 0x%x, size 0x%x",
                   (long) scp, biod.offset.LowPart, biod.length);
index 81d9d22..304edbc 100644 (file)
@@ -412,7 +412,7 @@ long cm_GetSCache(cm_fid_t *fidp, cm_scache_t **outScpp, cm_user_t *userp,
          
     if (cm_freelanceEnabled && special) {
         osi_Log0(afsd_logp,"cm_getSCache Freelance and special");
-        if (fidp->vnode > 1) {
+        if (fidp->vnode > 1 && fidp->vnode <= cm_localMountPoints + 2) {
            lock_ObtainMutex(&cm_Freelance_Lock);
             mp =(cm_localMountPoints+fidp->vnode-2)->mountPointStringp;
             lock_ReleaseMutex(&cm_Freelance_Lock);
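Review bot: The added bound `fidp->vnode <= cm_localMountPoints + 2` compares the vnode number with a pointer rather than a count: two lines down `(cm_localMountPoints+fidp->vnode-2)->mountPointStringp` dereferences the same name, so it is the table's base address and the test will pass for almost any vnode. The upper bound needs the number of entries in the table, e.g. `if (fidp->vnode > 1 && fidp->vnode - 2 < LOCAL_MOUNT_POINT_COUNT) {`, where LOCAL_MOUNT_POINT_COUNT is a placeholder for whatever counter the Freelance code keeps; note that a `<= count + 2` form would still admit an index equal to the count. The same expression is repeated in the fileType hunk further down in cm_GetSCache. The check is also evaluated before `cm_Freelance_Lock` is taken, so it should move inside the locked region if the table can change size concurrently, which is not visible here.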
@@ -432,7 +432,10 @@ long cm_GetSCache(cm_fid_t *fidp, cm_scache_t **outScpp, cm_user_t *userp,
         cm_data.hashTablep[hash]=scp;
         scp->flags |= CM_SCACHEFLAG_INHASH;
         scp->refCount = 1;
-        scp->fileType = (cm_localMountPoints+fidp->vnode-2)->fileType;
+        if (fidp->vnode > 1 && fidp->vnode <= cm_localMountPoints + 2)
+            scp->fileType = (cm_localMountPoints+fidp->vnode-2)->fileType;
+        else 
+            scp->fileType = CM_SCACHETYPE_INVALID;
 
         lock_ObtainMutex(&cm_Freelance_Lock);
         scp->length.LowPart = strlen(mp)+4;
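Review bot: In the new `else` branch the entry is given `CM_SCACHETYPE_INVALID`, but by then it is already stored in `cm_data.hashTablep[hash]` with `CM_SCACHEFLAG_INHASH` set, and the code goes on to `strlen(mp)`. For an out-of-range vnode `mp` was not taken from the table in the earlier branch, so what it points to on this path depends on code outside the hunk and is worth confirming to be a valid string. Rejecting the out-of-range fid before the scache entry is hashed may be simpler than caching an invalid-type entry. At minimum a comment like `/* vnode outside the Freelance table: mark entry invalid */` above the `else` would document the intent. cm_GetSCache starts and ends outside the hunk.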
index 58eaa57..21747e9 100644 (file)
@@ -595,7 +595,7 @@ long cm_ApplyDir(cm_scache_t *scp, cm_DirFuncp_t funcp, void *parmp,
                 break;
             }
         }      /* if (wrong buffer) ... */
-                
+           
         /* now we have the buffer containing the entry we're interested
          * in; copy it out if it represents a non-deleted entry.
          */
index ebb3b08..5ba1b80 100644 (file)
@@ -7272,7 +7272,7 @@ void smb_Server(VOID *parmp)
         "bufp=0x%x\n",
         bufp->dos_pkt / 16, bufp);*/
         fflush(stderr);
-        dosmemget(bufp->dos_pkt, ncbp-d>ncb_length, bufp->data);
+        dosmemget(bufp->dos_pkt, ncbp->ncb_length, bufp->data);
 #endif /* DJGPP */
         smbp = (smb_t *)bufp->data;
         outbufp->flags = 0;