Windows: Fix out of range pointer validation
authorJeffrey Altman <jaltman@your-file-system.com>
Tue, 12 Nov 2013 14:58:44 +0000 (09:58 -0500)
committerJeffrey Altman <jaltman@your-file-system.com>
Sat, 16 Nov 2013 00:58:53 +0000 (16:58 -0800)
The ACL, Stat, and Volume pointer validation checks did not take
into account that NULL is a valid pointer value.  As a result the
cache validation failed.

Change-Id: I538310d534fd4ada383d5bf0dc58d49206fe3dfb
Reviewed-on: http://gerrit.openafs.org/10453
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/WINNT/afsd/cm_aclent.c
src/WINNT/afsd/cm_scache.c
src/WINNT/afsd/cm_volume.c

index 52c541b..b728b29 100644 (file)
@@ -263,32 +263,37 @@ long cm_ValidateACLCache(void)
             return -1;
         }
 
-       if ( aclp->nextp < (cm_aclent_t *)cm_data.aclBaseAddress ||
-            aclp->nextp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
-           afsi_log("cm_ValidateACLCache failure: out of range cm_aclent_t pointers");
-           fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_aclent_t pointers\n");
-           return -11;
+       if ( aclp->nextp) {
+           if ( aclp->nextp < (cm_aclent_t *)cm_data.aclBaseAddress ||
+                aclp->nextp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
+               afsi_log("cm_ValidateACLCache failure: out of range cm_aclent_t pointers");
+               fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_aclent_t pointers\n");
+               return -11;
+           }
+
+           if (aclp->nextp->magic != CM_ACLENT_MAGIC) {
+               afsi_log("cm_ValidateACLCache failure: acpl->nextp->magic != CM_ACLENT_MAGIC");
+               fprintf(stderr,"cm_ValidateACLCache failure: acpl->nextp->magic != CM_ACLENT_MAGIC\n");
+               return -2;
+           }
        }
 
-        if (aclp->nextp && aclp->nextp->magic != CM_ACLENT_MAGIC) {
-            afsi_log("cm_ValidateACLCache failure: acpl->nextp->magic != CM_ACLENT_MAGIC");
-            fprintf(stderr,"cm_ValidateACLCache failure: acpl->nextp->magic != CM_ACLENT_MAGIC\n");
-            return -2;
-        }
-
-       if ( aclp->backp < (cm_scache_t *)cm_data.scacheBaseAddress ||
-            aclp->backp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
-           afsi_log("cm_ValidateACLCache failure: out of range cm_scache_t pointers");
-           fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_scache_t pointers\n");
-           return -12;
+       if ( aclp->backp) {
+           if ( aclp->backp < (cm_scache_t *)cm_data.scacheBaseAddress ||
+                aclp->backp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
+               afsi_log("cm_ValidateACLCache failure: out of range cm_scache_t pointers");
+               fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_scache_t pointers\n");
+               return -12;
+           }
+
+           if (aclp->backp->magic != CM_SCACHE_MAGIC) {
+               afsi_log("cm_ValidateACLCache failure: acpl->backp->magic != CM_SCACHE_MAGIC");
+               fprintf(stderr,"cm_ValidateACLCache failure: acpl->backp->magic != CM_SCACHE_MAGIC\n");
+               return -3;
+           }
        }
 
-        if (aclp->backp && aclp->backp->magic != CM_SCACHE_MAGIC) {
-            afsi_log("cm_ValidateACLCache failure: acpl->backp->magic != CM_SCACHE_MAGIC");
-            fprintf(stderr,"cm_ValidateACLCache failure: acpl->backp->magic != CM_SCACHE_MAGIC\n");
-            return -3;
-        }
-        if (count != 0 && aclp == cm_data.aclLRUp || count > size) {
+       if (count != 0 && aclp == cm_data.aclLRUp || count > size) {
             afsi_log("cm_ValidateACLCache failure: loop in cm_data.aclLRUp list");
             fprintf(stderr, "cm_ValidateACLCache failure: loop in cm_data.aclLRUp list\n");
             return -4;
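Review bot: The range test on `aclp->nextp` and `aclp->backp` only bounds the pointer's starting address, so a value that lies inside the region but not on an entry boundary, or less than one entry from the region's end, still reaches the `->magic` read that now sits directly under it. If the ACL region is a packed array of entries starting at `cm_data.aclBaseAddress` (not visible in this hunk), an alignment test such as `((char *)aclp->nextp - (char *)cm_data.aclBaseAddress) % sizeof(cm_aclent_t) != 0` would reject those values before they are dereferenced. The same gap is in every other hunk of this commit, across cm_ValidateACLCache, cm_ValidateSCache and cm_ValidateVolume. The enclosing loop starts and ends outside the hunk.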
@@ -311,32 +316,36 @@ long cm_ValidateACLCache(void)
             return -5;
         }
 
-       if ( aclp->nextp < (cm_aclent_t *)cm_data.aclBaseAddress ||
-            aclp->nextp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
-           afsi_log("cm_ValidateACLCache failure: out of range cm_aclent_t pointers");
-           fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_aclent_t pointers\n");
-           return -14;
+       if ( aclp->nextp) {
+           if ( aclp->nextp < (cm_aclent_t *)cm_data.aclBaseAddress ||
+                aclp->nextp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
+               afsi_log("cm_ValidateACLCache failure: out of range cm_aclent_t pointers");
+               fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_aclent_t pointers\n");
+               return -14;
+           }
+
+           if ( aclp->nextp->magic != CM_ACLENT_MAGIC) {
+               afsi_log("cm_ValidateACLCache failure: aclp->nextp->magic != CM_ACLENT_MAGIC");
+               fprintf(stderr, "cm_ValidateACLCache failure: aclp->nextp->magic != CM_ACLENT_MAGIC\n");
+               return -6;
+           }
        }
 
-        if (aclp->nextp && aclp->nextp->magic != CM_ACLENT_MAGIC) {
-            afsi_log("cm_ValidateACLCache failure: aclp->nextp->magic != CM_ACLENT_MAGIC");
-            fprintf(stderr, "cm_ValidateACLCache failure: aclp->nextp->magic != CM_ACLENT_MAGIC\n");
-            return -6;
-        }
-
-       if ( aclp->backp < (cm_scache_t *)cm_data.scacheBaseAddress ||
-            aclp->backp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
-           afsi_log("cm_ValidateACLCache failure: out of range cm_scache_t pointers");
-           fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_scache_t pointers\n");
-           return -15;
+       if ( aclp->backp) {
+           if ( aclp->backp < (cm_scache_t *)cm_data.scacheBaseAddress ||
+                aclp->backp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
+               afsi_log("cm_ValidateACLCache failure: out of range cm_scache_t pointers");
+               fprintf(stderr, "cm_ValidateACLCache failure: out of range cm_scache_t pointers\n");
+               return -15;
+           }
+
+           if ( aclp->backp->magic != CM_SCACHE_MAGIC) {
+               afsi_log("cm_ValidateACLCache failure: aclp->backp->magic != CM_SCACHE_MAGIC");
+               fprintf(stderr, "cm_ValidateACLCache failure: aclp->backp->magic != CM_SCACHE_MAGIC\n");
+               return -7;
+           }
        }
 
-        if (aclp->backp && aclp->backp->magic != CM_SCACHE_MAGIC) {
-            afsi_log("cm_ValidateACLCache failure: aclp->backp->magic != CM_SCACHE_MAGIC");
-            fprintf(stderr, "cm_ValidateACLCache failure: aclp->backp->magic != CM_SCACHE_MAGIC\n");
-            return -7;
-        }
-
         if (count != 0 && aclp == cm_data.aclLRUEndp || count > size) {
             afsi_log("cm_ValidateACLCache failure: loop in cm_data.aclLRUEndp list");
             fprintf(stderr, "cm_ValidateACLCache failure: loop in cm_data.aclLRUEndp list\n");
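Review bot: The out-of-range messages in this walk are byte-identical to the ones the previous hunk logs, so only the return code (-14/-15 here, -11/-12 there) tells which traversal hit the bad pointer. The loop message just below already names its list (`loop in cm_data.aclLRUEndp list`); the range and magic messages could do the same, e.g. `"cm_ValidateACLCache failure: out of range cm_aclent_t pointers in aclLRUEndp list"`, so a single log line is enough when triaging a rejected cache. The magic messages differ from the previous hunk's only because that hunk spells the variable `acpl` where this one has `aclp`, which is worth correcting in the same pass.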
index a619428..257689b 100644 (file)
@@ -538,31 +538,35 @@ cm_ValidateSCache(void)
             return -1;
         }
 
-       if ( scp->nextp < (cm_scache_t *)cm_data.scacheBaseAddress ||
-            scp->nextp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
-           afsi_log("cm_ValidateSCache failure: out of range cm_scache_t pointers");
-           fprintf(stderr, "cm_ValidateSCache failure: out of range cm_scache_t pointers\n");
-           return -21;
+       if ( scp->nextp) {
+           if ( scp->nextp < (cm_scache_t *)cm_data.scacheBaseAddress ||
+                scp->nextp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
+               afsi_log("cm_ValidateSCache failure: out of range cm_scache_t pointers");
+               fprintf(stderr, "cm_ValidateSCache failure: out of range cm_scache_t pointers\n");
+               return -21;
+           }
+
+           if ( scp->nextp->magic != CM_SCACHE_MAGIC) {
+               afsi_log("cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC");
+               fprintf(stderr, "cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC\n");
+               return -2;
+           }
        }
 
-        if (scp->nextp && scp->nextp->magic != CM_SCACHE_MAGIC) {
-            afsi_log("cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC");
-            fprintf(stderr, "cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC\n");
-            return -2;
-        }
+       if ( scp->randomACLp) {
+           if ( scp->randomACLp < (cm_aclent_t *)cm_data.aclBaseAddress ||
+                scp->randomACLp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
+               afsi_log("cm_ValidateSCache failure: out of range cm_aclent_t pointers");
+               fprintf(stderr, "cm_ValidateSCache failure: out of range cm_aclent_t pointers\n");
+               return -32;
+           }
 
-       if ( scp->randomACLp < (cm_aclent_t *)cm_data.aclBaseAddress ||
-            scp->randomACLp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
-           afsi_log("cm_ValidateSCache failure: out of range cm_aclent_t pointers");
-           fprintf(stderr, "cm_ValidateSCache failure: out of range cm_aclent_t pointers\n");
-           return -32;
+           if ( scp->randomACLp->magic != CM_ACLENT_MAGIC) {
+               afsi_log("cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC");
+               fprintf(stderr, "cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC\n");
+               return -3;
+           }
        }
-
-        if (scp->randomACLp && scp->randomACLp->magic != CM_ACLENT_MAGIC) {
-            afsi_log("cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC");
-            fprintf(stderr, "cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC\n");
-            return -3;
-        }
         if (i > cm_data.currentSCaches ) {
             afsi_log("cm_ValidateSCache failure: LRU First queue loops");
             fprintf(stderr, "cm_ValidateSCache failure: LUR First queue loops\n");
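Review bot: This range-then-magic block now appears six times in cm_ValidateSCache (this hunk and the next two), differing only in the field, the region bounds and the return code, so any later tightening of the test has to be repeated by hand at every site. A small static helper for the range part, e.g. `static int cm_PtrInRegion(const void *p, const void *lo, const void *hi)` returning `(const char *)p >= (const char *)lo && (const char *)p < (const char *)hi`, would keep the sites identical and give one place to change. The function body continues outside the hunk, so other copies may exist that are not visible here.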
@@ -591,32 +595,37 @@ cm_ValidateSCache(void)
             return -5;
         }
 
-       if ( scp->nextp < (cm_scache_t *)cm_data.scacheBaseAddress ||
-            scp->nextp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
-           afsi_log("cm_ValidateSCache failure: out of range cm_scache_t pointers");
-           fprintf(stderr, "cm_ValidateSCache failure: out of range cm_scache_t pointers\n");
-           return -22;
+       if ( scp->nextp) {
+           if ( scp->nextp < (cm_scache_t *)cm_data.scacheBaseAddress ||
+                scp->nextp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
+               afsi_log("cm_ValidateSCache failure: out of range cm_scache_t pointers");
+               fprintf(stderr, "cm_ValidateSCache failure: out of range cm_scache_t pointers\n");
+               return -22;
+           }
+
+           if ( scp->nextp->magic != CM_SCACHE_MAGIC) {
+               afsi_log("cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC");
+               fprintf(stderr, "cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC\n");
+               return -6;
+           }
        }
 
-        if (scp->nextp && scp->nextp->magic != CM_SCACHE_MAGIC) {
-            afsi_log("cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC");
-            fprintf(stderr, "cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC\n");
-            return -6;
-        }
+       if ( scp->randomACLp) {
+           if ( scp->randomACLp < (cm_aclent_t *)cm_data.aclBaseAddress ||
+                scp->randomACLp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
+               afsi_log("cm_ValidateSCache failure: out of range cm_aclent_t pointers");
+               fprintf(stderr, "cm_ValidateSCache failure: out of range cm_aclent_t pointers\n");
+               return -31;
+           }
 
-       if ( scp->randomACLp < (cm_aclent_t *)cm_data.aclBaseAddress ||
-            scp->randomACLp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
-           afsi_log("cm_ValidateSCache failure: out of range cm_aclent_t pointers");
-           fprintf(stderr, "cm_ValidateSCache failure: out of range cm_aclent_t pointers\n");
-           return -31;
+           if ( scp->randomACLp->magic != CM_ACLENT_MAGIC) {
+               afsi_log("cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC");
+               fprintf(stderr, "cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC\n");
+               return -7;
+           }
        }
 
-        if (scp->randomACLp && scp->randomACLp->magic != CM_ACLENT_MAGIC) {
-            afsi_log("cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC");
-            fprintf(stderr, "cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC\n");
-            return -7;
-        }
-        if (i > cm_data.currentSCaches ) {
+       if (i > cm_data.currentSCaches ) {
             afsi_log("cm_ValidateSCache failure: LRU Last queue loops");
             fprintf(stderr, "cm_ValidateSCache failure: LUR Last queue loops\n");
             return -14;
@@ -647,32 +656,37 @@ cm_ValidateSCache(void)
                 return -9;
             }
 
-           if ( scp->nextp < (cm_scache_t *)cm_data.scacheBaseAddress ||
-                scp->nextp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
-               afsi_log("cm_ValidateSCache failure: out of range cm_scache_t pointers");
-               fprintf(stderr, "cm_ValidateSCache failure: out of range cm_scache_t pointers\n");
-               return -23;
+           if ( scp->nextp) {
+               if ( scp->nextp < (cm_scache_t *)cm_data.scacheBaseAddress ||
+                    scp->nextp >= (cm_scache_t *)cm_data.dnlcBaseAddress) {
+                   afsi_log("cm_ValidateSCache failure: out of range cm_scache_t pointers");
+                   fprintf(stderr, "cm_ValidateSCache failure: out of range cm_scache_t pointers\n");
+                   return -23;
+               }
+
+               if ( scp->nextp->magic != CM_SCACHE_MAGIC) {
+                   afsi_log("cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC");
+                   fprintf(stderr, "cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC\n");
+                   return -10;
+               }
            }
 
-            if (scp->nextp && scp->nextp->magic != CM_SCACHE_MAGIC) {
-                afsi_log("cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC");
-                fprintf(stderr, "cm_ValidateSCache failure: scp->nextp->magic != CM_SCACHE_MAGIC\n");
-                return -10;
-            }
+           if ( scp->randomACLp) {
+               if ( scp->randomACLp < (cm_aclent_t *)cm_data.aclBaseAddress ||
+                    scp->randomACLp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
+                   afsi_log("cm_ValidateSCache failure: out of range cm_aclent_t pointers");
+                   fprintf(stderr, "cm_ValidateSCache failure: out of range cm_aclent_t pointers\n");
+                   return -30;
+               }
 
-           if ( scp->randomACLp < (cm_aclent_t *)cm_data.aclBaseAddress ||
-                scp->randomACLp >= (cm_aclent_t *)cm_data.scacheBaseAddress) {
-               afsi_log("cm_ValidateSCache failure: out of range cm_aclent_t pointers");
-               fprintf(stderr, "cm_ValidateSCache failure: out of range cm_aclent_t pointers\n");
-               return -30;
+               if ( scp->randomACLp->magic != CM_ACLENT_MAGIC) {
+                   afsi_log("cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC");
+                   fprintf(stderr, "cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC\n");
+                   return -11;
+               }
            }
 
-            if (scp->randomACLp && scp->randomACLp->magic != CM_ACLENT_MAGIC) {
-                afsi_log("cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC");
-                fprintf(stderr, "cm_ValidateSCache failure: scp->randomACLp->magic != CM_ACLENT_MAGIC\n");
-                return -11;
-            }
-            if (hash != i) {
+           if (hash != i) {
                 afsi_log("cm_ValidateSCache failure: scp hash != hash index");
                 fprintf(stderr, "cm_ValidateSCache failure: scp hash != hash index\n");
                 return -13;
index 87ad865..8aeece1 100644 (file)
@@ -59,18 +59,20 @@ cm_ValidateVolume(void)
             return -2;
         }
 
-       if ( volp->allNextp < (cm_volume_t *)cm_data.volumeBaseAddress ||
-            volp->allNextp >= (cm_volume_t *)cm_data.cellBaseAddress) {
-           afsi_log("cm_ValidateVolume failure: out of range cm_volume_t pointers");
-           fprintf(stderr, "cm_ValidateVolume failure: out of range cm_volume_t pointers\n");
-           return -12;
-       }
+       if ( volp->allNextp) {
+           if ( volp->allNextp < (cm_volume_t *)cm_data.volumeBaseAddress ||
+                volp->allNextp >= (cm_volume_t *)cm_data.cellBaseAddress) {
+               afsi_log("cm_ValidateVolume failure: out of range cm_volume_t pointers");
+               fprintf(stderr, "cm_ValidateVolume failure: out of range cm_volume_t pointers\n");
+               return -12;
+           }
 
-        if ( volp->allNextp && volp->allNextp->magic != CM_VOLUME_MAGIC ) {
-            afsi_log("cm_ValidateVolume failure: volp->allNextp->magic != CM_VOLUME_MAGIC");
-            fprintf(stderr, "cm_ValidateVolume failure: volp->allNextp->magic != CM_VOLUME_MAGIC\n");
-            return -3;
-        }
+           if ( volp->allNextp->magic != CM_VOLUME_MAGIC ) {
+               afsi_log("cm_ValidateVolume failure: volp->allNextp->magic != CM_VOLUME_MAGIC");
+               fprintf(stderr, "cm_ValidateVolume failure: volp->allNextp->magic != CM_VOLUME_MAGIC\n");
+               return -3;
+           }
+       }
 
         if ( count != 0 && volp == cm_data.allVolumesp ||
              count > cm_data.maxVolumes ) {