Windows: AFSLocateNameEntry double free Volume RefCount

If AFSBuildMountPointTarget fails when called from AFSLocateNameEntry
the pCurrentVolume reference count will have been freed even though
the pointer has not been updated.   If the failure is
STATUS_OBJECT_NAME_NOT_FOUND and AFSLocateNameEntry was called
by AFSCreateCommon, the Volume reference count will be freed twice.

Change-Id: I0b5ccb512ea0ec2e24099dff38bbbeddebf0bee3
Reviewed-on: http://gerrit.openafs.org/9069
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSNameSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSNameSupport.cpp
index 03fcfa2..45abe94 100644 (file)
--- a/src/WINNT/afsrdr/kernel/lib/AFSNameSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSNameSupport.cpp
@@ -77,6 +77,7 @@ AFSLocateNameEntry( IN GUID *AuthGroup,
     AFSObjectInfoCB  *pCurrentObject = NULL;
     AFSObjectInfoCB  *pParentObjectInfo = NULL;
     AFSVolumeCB      *pCurrentVolume = *VolumeCB;
+    AFSVolumeCB      *pTargetVolume = NULL;
     BOOLEAN           bReleaseCurrentVolume = TRUE;
     LONG              VolumeReferenceReason = *pVolumeReferenceReason;
     BOOLEAN           bSubstitutedName = FALSE;
@@ -891,23 +892,9 @@ AFSLocateNameEntry( IN GUID *AuthGroup,
                     // Also decrement the ref count on the volume
                     //
 
-                    ASSERT( pCurrentVolume->VolumeReferenceCount > 0);
-
-                    lCount = AFSVolumeDecrement( pCurrentVolume,
-                                                 VolumeReferenceReason);
-
-                    AFSDbgLogMsg( AFS_SUBSYSTEM_VOLUME_REF_COUNTING,
-                                  AFS_TRACE_LEVEL_VERBOSE,
-                                  "AFSLocateNameEntry Decrement2 count on volume %p Reason %u Cnt %d\n",
-                                  pCurrentVolume,
-                                  VolumeReferenceReason,
-                                  lCount);
-
-                    bReleaseCurrentVolume = FALSE;
-
                     ntStatus = AFSBuildMountPointTarget( AuthGroup,
                                                          pDirEntry,
-                                                         &pCurrentVolume);
+                                                         &pTargetVolume);
 
                     if( !NT_SUCCESS( ntStatus))
                     {
@@ -928,7 +915,21 @@ AFSLocateNameEntry( IN GUID *AuthGroup,
 
                     ASSERT( pCurrentVolume->VolumeReferenceCount > 0);
 
-                    bReleaseCurrentVolume = TRUE;
+                    lCount = AFSVolumeDecrement( pCurrentVolume,
+                                                 VolumeReferenceReason);
+
+                    AFSDbgLogMsg( AFS_SUBSYSTEM_VOLUME_REF_COUNTING,
+                                  AFS_TRACE_LEVEL_VERBOSE,
+                                  "AFSLocateNameEntry Decrement2 count on volume %p Reason %u Cnt %d\n",
+                                  pCurrentVolume,
+                                  VolumeReferenceReason,
+                                  lCount);
+
+                    pCurrentVolume = pTargetVolume;
+
+                    pTargetVolume = NULL;
+
+                    ASSERT( pCurrentVolume->VolumeReferenceCount > 0);
 
                     VolumeReferenceReason = AFS_VOLUME_REFERENCE_MOUNTPT;