From 456b68ccb6d8ad31b735d2c08d0313963ff66c22 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Tue, 9 Jun 2015 08:44:43 -0400
Subject: [PATCH] Windows: AFSRetrieveParentPath handle no parent

AFSRetrieveParentPath() when presented with a relative path that has no
parent will walk off the front of the FullFileName buffer.  Add checks to
ensure that Length never becomes less than zero.

Change-Id: I7d619dc569d6c002b1d236a9340921414c51647f
Reviewed-on: http://gerrit.openafs.org/11888
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp b/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp
index f2ea3404a9..2594416a0e 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp
@@ -9117,12 +9117,14 @@ AFSRetrieveParentPath( IN UNICODE_STRING *FullFileName,
     // If the final character is a \, jump over it
     //
 
-    if( ParentPath->Buffer[ (ParentPath->Length/sizeof( WCHAR)) - 1] == L'\\')
+    if( ParentPath->Length >= sizeof( WCHAR)
+	&& ParentPath->Buffer[ (ParentPath->Length/sizeof( WCHAR)) - 1] == L'\\')
     {
         ParentPath->Length -= sizeof( WCHAR);
     }
 
-    while( ParentPath->Buffer[ (ParentPath->Length/sizeof( WCHAR)) - 1] != L'\\')
+    while( ParentPath->Length >= sizeof( WCHAR)
+	   && ParentPath->Buffer[ (ParentPath->Length/sizeof( WCHAR)) - 1] != L'\\')
     {
         ParentPath->Length -= sizeof( WCHAR);
     }
@@ -9131,7 +9133,10 @@ AFSRetrieveParentPath( IN UNICODE_STRING *FullFileName,
     // And the separator
     //
 
-    ParentPath->Length -= sizeof( WCHAR);
+    if ( ParentPath->Length >= sizeof( WCHAR))
+    {
+	ParentPath->Length -= sizeof( WCHAR);
+    }
 
     return;
 }