Fix segmentation fault in vsu_GetVolumeID

When determining the volume type of a volume, vsu_GetVolumeID() checks
to see if the volume name ends in '.backup' or '.readonly' by backing
up the appropriate number of characters from the end of the name. It
does not, however, check to see if it skips past the beginning of the
volume name. This can result in a segmentation fault (which it has for
me on many occasions during a vos release) depending on where memory
is allocated or how/if memory is protected.

This patch corrects this behaviour by checking the volume name string
length prior to doing the string comparison.

Change-Id: Ia27fcac76b86ae2707663caa6bff365a4e8dd0da
Reviewed-on: http://gerrit.openafs.org/1269
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 4221d7acc8595a052dbc5fbb4366050c00d6ef37)
Reviewed-on: http://gerrit.openafs.org/1270

diff --git a/src/volser/vsutils.c b/src/volser/vsutils.c
index e8c47f1..edc2aa4 100644 (file)
--- a/src/volser/vsutils.c
+++ b/src/volser/vsutils.c
@@ -457,9 +457,9 @@ vsu_GetVolumeID(char *astring, struct ubik_client *acstruct, afs_int32 *errp)
     vsu_ExtractName(volname, astring);
     vcode = VLDB_GetEntryByName(volname, &entry);
     if (!vcode) {
-      if (!strcmp(&astring[total - 9], ".readonly"))
+      if ((total >= 9) && (!strcmp(&astring[total - 9], ".readonly")))
        return entry.volumeId[ROVOL];
-      else if ((!strcmp(&astring[total - 7], ".backup")))
+      else if ((total >= 7) && (!strcmp(&astring[total - 7], ".backup")))
        return entry.volumeId[BACKVOL];
       else
        return (entry.volumeId[RWVOL]);