Prevent crash on Windows when data version goes backwards
author Jeffrey Altman <jaltman@secure-endpoints.com>
Tue, 14 Jul 2009 21:49:00 +0000 (17:49 -0400)
committer Jeffrey Altman <jaltman@openafs.org>
Tue, 14 Jul 2009 21:53:47 +0000 (15:53 -0600)
Within cm_MergeStatus() cm_FindVolumeByID() was called with
a NULL pointer instead of a valid cm_req_t object pointer
in the case where the data version for an object received
from the file server is smaller than the value already stored
in the cache. This results in a NULL pointer dereference.

Allocate a cm_req_t object on the stack and initialize it
before calling cm_FindVolumeByID() in this case.

LICENSE MIT

Reviewed-on: http://gerrit.openafs.org/83
Verified-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>

src/WINNT/afsd/cm_scache.c

index 84eb866..d03052b 100644 (file)
@@ -1576,9 +1576,12 @@ void cm_MergeStatus(cm_scache_t *dscp,
         cellp = cm_FindCellByID(scp->fid.cell, 0);
         if (scp->cbServerp) {
             struct cm_volume *volp = NULL;
+            cm_req_t req;
+
+            cm_InitReq(&req);
 
             cm_FindVolumeByID(cellp, scp->fid.volume, userp,
-                              (cm_req_t *) NULL, CM_GETVOL_FLAG_CREATE, &volp);
+                              &req, CM_GETVOL_FLAG_CREATE, &volp);
             osi_Log2(afsd_logp, "old data from server %x volume %s",
                       scp->cbServerp->addr.sin_addr.s_addr,
                       volp ? volp->namep : "(unknown)");
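Review bot: cellp, returned by cm_FindCellByID() in the first context line, is still passed to cm_FindVolumeByID() without a NULL check, which is the same class of defect this change fixes for the request argument. If the cell lookup can fail on this path, guard the call, for example by testing `cellp && scp->cbServerp` before entering the block, or confirm in a comment that cellp cannot be NULL here. The return code of cm_FindVolumeByID() is also discarded; the `volp ? volp->namep : "(unknown)"` fallback covers the log line, but a short comment stating that failure is deliberately ignored would make the intent clear to the next reader.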