Windows: FSCTL_SET_REPARSE_POINT NULL ptr dereference
authorJeffrey Altman <jaltman@your-file-system.com>
Thu, 21 Mar 2013 23:34:25 +0000 (19:34 -0400)
committerJeffrey Altman <jaltman@your-file-system.com>
Fri, 22 Mar 2013 14:31:56 +0000 (07:31 -0700)
Avoid a potential NULL pointer dereference if the ParentObjectInfo
object cannot be found.  If the Btree lookup fails, do not call
AFSCreateSymlink() and do not decrement the ObjectInfo refcount.
Doing so will result in a BSOD.

Change-Id: Ibd3e4ebb343f6c3cff8bf1cb160e42938d0f906c
Reviewed-on: http://gerrit.openafs.org/9643
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp

index 991e40d..cd8a953 100644 (file)
@@ -849,8 +849,7 @@ AFSProcessUserFsRequest( IN PIRP Irp)
                                                ullIndex,
                                                (AFSBTreeEntry **)&pParentObjectInfo);
 
-                if ( NT_SUCCESS( ntStatus) &&
-                     pParentObjectInfo)
+                if ( NT_SUCCESS( ntStatus))
                 {
 
                     lCount = AFSObjectInfoIncrement( pParentObjectInfo,
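Review bot: Dropping the `pParentObjectInfo` test from this condition leaves `AFSObjectInfoIncrement( pParentObjectInfo, ...)` guarded only by `NT_SUCCESS( ntStatus)`, so the fix holds only if the Btree lookup never reports success while leaving the out-pointer NULL. The lookup routine and the initialisation of pParentObjectInfo are outside this hunk, so neither can be confirmed here. Because a miss on this path is a kernel bugcheck reachable from an FSCTL request, I would keep the pointer test, `if ( NT_SUCCESS( ntStatus) && pParentObjectInfo != NULL)`. The new block in the next hunk should then be gated on `pParentObjectInfo != NULL` rather than on the status alone, so that AFSCreateSymlink() and AFSObjectInfoDecrement() run only when a reference was actually taken.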
@@ -865,32 +864,36 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 
                 AFSReleaseResource( pCcb->DirectoryCB->ObjectInformation->VolumeCB->ObjectInfoTree.TreeLock);
 
-                //
-                // Extract out the information to the call to the service
-                //
+                if ( NT_SUCCESS( ntStatus))
+                {
+
+                    //
+                    // Extract out the information to the call to the service
+                    //
 
-                ntStatus = AFSCreateSymlink( &pCcb->AuthGroup,
-                                             pParentObjectInfo,
-                                             &pCcb->DirectoryCB->NameInformation.FileName,
-                                             pCcb->DirectoryCB->ObjectInformation,
-                                             &uniTargetName);
+                    ntStatus = AFSCreateSymlink( &pCcb->AuthGroup,
+                                                 pParentObjectInfo,
+                                                 &pCcb->DirectoryCB->NameInformation.FileName,
+                                                 pCcb->DirectoryCB->ObjectInformation,
+                                                 &uniTargetName);
 
-                AFSDbgTrace(( AFS_SUBSYSTEM_FILE_PROCESSING,
-                              AFS_TRACE_LEVEL_VERBOSE_2,
-                              "AFSProcessUserFsRequest Processed FSCTL_SET_REPARSE_POINT request %wZ Type 0x%x Attrib 0x%x Status %08lX\n",
-                              &pCcb->DirectoryCB->NameInformation.FileName,
-                              pCcb->DirectoryCB->ObjectInformation->FileType,
-                              pCcb->DirectoryCB->ObjectInformation->FileAttributes,
-                              ntStatus));
+                    AFSDbgTrace(( AFS_SUBSYSTEM_FILE_PROCESSING,
+                                  AFS_TRACE_LEVEL_VERBOSE_2,
+                                  "AFSProcessUserFsRequest Processed FSCTL_SET_REPARSE_POINT request %wZ Type 0x%x Attrib 0x%x Status %08lX\n",
+                                  &pCcb->DirectoryCB->NameInformation.FileName,
+                                  pCcb->DirectoryCB->ObjectInformation->FileType,
+                                  pCcb->DirectoryCB->ObjectInformation->FileAttributes,
+                                  ntStatus));
 
-                lCount = AFSObjectInfoDecrement( pParentObjectInfo,
-                                                 AFS_OBJECT_REFERENCE_DIRENTRY);
+                    lCount = AFSObjectInfoDecrement( pParentObjectInfo,
+                                                     AFS_OBJECT_REFERENCE_DIRENTRY);
 
-                AFSDbgTrace(( AFS_SUBSYSTEM_OBJECT_REF_COUNTING,
-                              AFS_TRACE_LEVEL_VERBOSE,
-                              "AFSProcessUserFsRequest Decrement count on object %p Cnt %d\n",
-                              pParentObjectInfo,
-                              lCount));
+                    AFSDbgTrace(( AFS_SUBSYSTEM_OBJECT_REF_COUNTING,
+                                  AFS_TRACE_LEVEL_VERBOSE,
+                                  "AFSProcessUserFsRequest Decrement count on object %p Cnt %d\n",
+                                  pParentObjectInfo,
+                                  lCount));
+                }
 
                 break;
             }
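Review bot: When the lookup fails, the new `if ( NT_SUCCESS( ntStatus))` block skips both AFSDbgTrace calls, so a rejected FSCTL_SET_REPARSE_POINT request leaves no trace record and the caller receives whatever status the Btree lookup produced. I would add an `else` branch that logs the file name and ntStatus through AFSDbgTrace at an error level, and confirm that the lookup's failure status is the one intended to reach user mode for this FSCTL. A short comment above the block, such as `// Only proceed if the parent object was located and referenced above`, would make the pairing with the earlier increment explicit. The enclosing case body starts before this hunk, so how ntStatus is finally returned is not visible here.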