From 4221d7acc8595a052dbc5fbb4366050c00d6ef37 Mon Sep 17 00:00:00 2001 From: Antoine Verheijen Date: Mon, 8 Feb 2010 16:01:46 -0700 Subject: [PATCH] Fix segmentation fault in vsu_GetVolumeID When determining the volume type of a volume, vsu_GetVolumeID() checks to see if the volume name ends in '.backup' or '.readonly' by backing up the appropriate number of characters from the end of the name. It does not, however, check to see if it skips past the beginning of the volume name. This can result in a segmentation fault (which it has for me on many occasions during a vos release) depending on where memory is allocated or how/if memory is protected. This patch corrects this behaviour by checking the volume name string length prior to doing the string comparison. Change-Id: Ia27fcac76b86ae2707663caa6bff365a4e8dd0da Reviewed-on: http://gerrit.openafs.org/1269 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/volser/vsutils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/volser/vsutils.c b/src/volser/vsutils.c index 54ad1291ee..6af0b7ce4e 100644 --- a/src/volser/vsutils.c +++ b/src/volser/vsutils.c @@ -449,9 +449,9 @@ vsu_GetVolumeID(char *astring, struct ubik_client *acstruct, afs_int32 *errp) vsu_ExtractName(volname, astring); vcode = VLDB_GetEntryByName(volname, &entry); if (!vcode) { - if (!strcmp(&astring[total - 9], ".readonly")) + if ((total >= 9) && (!strcmp(&astring[total - 9], ".readonly"))) return entry.volumeId[ROVOL]; - else if ((!strcmp(&astring[total - 7], ".backup"))) + else if ((total >= 7) && (!strcmp(&astring[total - 7], ".backup"))) return entry.volumeId[BACKVOL]; else return (entry.volumeId[RWVOL]);
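Review bot: In both changed conditions of the vsu_GetVolumeID hunk, the suffix length is hard-coded twice, once in the new guard (`total >= 9`, `total >= 7`) and once in the index (`total - 9`, `total - 7`), so a later edit to either number or to the string literal can silently reintroduce the out-of-bounds read before the start of `astring`. Consider deriving the length from the literal, for example `sizeof(".readonly") - 1`, or moving the comparison into a small ends-with helper that takes the string, its length and the suffix and performs the length check itself. The guard is also only correct if `total` is the length of `astring` at this point. Its assignment is outside the visible context, so that is worth confirming, and a short comment above the `if` would help the next reader. The ordering of the new `&&` is right: the length test runs before the subtraction is used as an index.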