From 05ee11d3155489bf28ca35b8b1ea4f32c97bf76b Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Fri, 19 Oct 2007 05:25:39 +0000 Subject: [PATCH] windows-pioctl-parse-path-20071018 cm_ParseIoctlPath() moves the ioctlp->inDatap past the ioctl path to the next data value if there is one. Make sure we move the pointer before we alter the contents of the buffer. Otherwise, the caller uses the wrong string for its next data blob. --- src/WINNT/afsd/cm_ioctl.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/WINNT/afsd/cm_ioctl.c b/src/WINNT/afsd/cm_ioctl.c index e019ca533c..71a268207f 100644 --- a/src/WINNT/afsd/cm_ioctl.c +++ b/src/WINNT/afsd/cm_ioctl.c @@ -201,10 +201,14 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, cm_scache_t *substRootp = NULL; cm_scache_t *iscp = NULL; #endif - char * relativePath = ioctlp->inDatap; + char * relativePath; char * lastComponent = NULL; afs_uint32 follow = 0; + relativePath = ioctlp->inDatap; + /* setup the next data value for the caller to use */ + ioctlp->inDatap += (long)strlen(ioctlp->inDatap) + 1;; + osi_Log1(afsd_logp, "cm_ParseIoctlPath %s", osi_LogSaveString(afsd_logp,relativePath)); /* This is usually the file name, but for StatMountPoint it is the path. */ @@ -216,6 +220,9 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, */ TranslateExtendedChars(relativePath); + /* This is usually nothing, but for StatMountPoint it is the file name. */ + TranslateExtendedChars(ioctlp->inDatap); + #ifdef AFSIFS /* we have passed the whole path, including the afs prefix. when the pioctl call is made, we perform an ioctl to afsrdr @@ -370,13 +377,6 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, } #endif /* AFSIFS */ - /* # of bytes of path */ - code = (long)strlen(ioctlp->inDatap) + 1; - ioctlp->inDatap += code; - - /* This is usually nothing, but for StatMountPoint it is the file name. */ - TranslateExtendedChars(ioctlp->inDatap); - if (substRootp) cm_ReleaseSCache(substRootp);