jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 13:38:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Windows: AFSDeleteDirEntry set input to NULL

Browse Source 
AFSDeleteDirEntry() frees the memory allocated to the DirectoryCB.
To ensure that an invalid memory pointer is not accidentally used
by the caller after the memory is freed, use
InterlockedCompareExchangePointer() to set the input parameter to
NULL prior to destroying the DirectoryCB.

Change-Id: I2e92d4277d1f9baee164bfb941821aa11a1ad738
Reviewed-on: http://gerrit.openafs.org/9721
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
This commit is contained in:
Jeffrey Altman 2013-04-02 14:13:57 -04:00
parent ba78ac675c
commit 76e33082d1
7 changed files with 56 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/WINNT/afsrdr/kernel/lib/AFSClose.cpp
View File

@ -418,7 +418,7 @@ AFSClose( IN PDEVICE_OBJECT LibDeviceObject,
// //
AFSDeleteDirEntry( pParentObjectInfo, AFSDeleteDirEntry( pParentObjectInfo,
pDirCB); &pDirCB);
AFSAcquireShared( &pObjectInfo->NonPagedInfo->ObjectInfoLock, AFSAcquireShared( &pObjectInfo->NonPagedInfo->ObjectInfoLock,
TRUE); TRUE);

12
src/WINNT/afsrdr/kernel/lib/AFSCommSupport.cpp
View File

@ -364,7 +364,7 @@ AFSEnumerateDirectory( IN GUID *AuthGroup,
pCurrentDirEntry->FileId.Unique)); pCurrentDirEntry->FileId.Unique));
AFSDeleteDirEntry( ObjectInfoCB, AFSDeleteDirEntry( ObjectInfoCB,
pDirNode); &pDirNode);
} }
else else
{ {
@ -534,7 +534,7 @@ AFSEnumerateDirectory( IN GUID *AuthGroup,
// //
AFSDeleteDirEntry( ObjectInfoCB, AFSDeleteDirEntry( ObjectInfoCB,
pDirNode); &pDirNode);
pCurrentDirEntry = (AFSDirEnumEntry *)((char *)pCurrentDirEntry + ulEntryLength); pCurrentDirEntry = (AFSDirEnumEntry *)((char *)pCurrentDirEntry + ulEntryLength);
@ -1201,7 +1201,7 @@ AFSVerifyDirectoryContent( IN AFSObjectInfoCB *ObjectInfoCB,
pCurrentDirEntry->FileId.Unique)); pCurrentDirEntry->FileId.Unique));
AFSDeleteDirEntry( ObjectInfoCB, AFSDeleteDirEntry( ObjectInfoCB,
pDirNode); &pDirNode);
} }
else else
{ {
@ -1373,7 +1373,7 @@ AFSVerifyDirectoryContent( IN AFSObjectInfoCB *ObjectInfoCB,
// //
AFSDeleteDirEntry( ObjectInfoCB, AFSDeleteDirEntry( ObjectInfoCB,
pDirNode); &pDirNode);
pCurrentDirEntry = (AFSDirEnumEntry *)((char *)pCurrentDirEntry + ulEntryLength); pCurrentDirEntry = (AFSDirEnumEntry *)((char *)pCurrentDirEntry + ulEntryLength);
@ -1732,7 +1732,7 @@ AFSNotifyFileCreate( IN GUID *AuthGroup,
pResultCB->DirEnum.FileId.Unique)); pResultCB->DirEnum.FileId.Unique));
AFSDeleteDirEntry( ParentObjectInfo, AFSDeleteDirEntry( ParentObjectInfo,
pDirNode); &pDirNode);
} }
else else
{ {
@ -2341,7 +2341,7 @@ AFSNotifyHardLink( IN AFSObjectInfoCB *ObjectInfo,
pResultCB->DirEnum.FileId.Unique)); pResultCB->DirEnum.FileId.Unique));
AFSDeleteDirEntry( TargetParentObjectInfo, AFSDeleteDirEntry( TargetParentObjectInfo,
pDirNode); &pDirNode);
} }
else else
{ {

2
src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp
View File

@ -3316,7 +3316,7 @@ AFSSetRenameInfo( IN PIRP Irp)
&pTargetDirEntry->NameInformation.FileName)); &pTargetDirEntry->NameInformation.FileName));
AFSDeleteDirEntry( pTargetParentObject, AFSDeleteDirEntry( pTargetParentObject,
pTargetDirEntry); &pTargetDirEntry);
} }
pTargetDirEntry = NULL; pTargetDirEntry = NULL;

6
src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp
View File

@ -3582,7 +3582,7 @@ AFSValidateDirectoryCache( IN AFSObjectInfoCB *ObjectInfo,
&pCurrentDirEntry->NameInformation.FileName)); &pCurrentDirEntry->NameInformation.FileName));
AFSDeleteDirEntry( ObjectInfo, AFSDeleteDirEntry( ObjectInfo,
pCurrentDirEntry); &pCurrentDirEntry);
} }
else else
{ {
@ -3715,7 +3715,7 @@ AFSValidateDirectoryCache( IN AFSObjectInfoCB *ObjectInfo,
ObjectInfo->FileId.Unique)); ObjectInfo->FileId.Unique));
AFSDeleteDirEntry( ObjectInfo, AFSDeleteDirEntry( ObjectInfo,
pCurrentDirEntry); &pCurrentDirEntry);
} }
else else
{ {
@ -4909,7 +4909,7 @@ AFSResetDirectoryContent( IN AFSObjectInfoCB *ObjectInfoCB)
&pCurrentDirEntry->NameInformation.FileName)); &pCurrentDirEntry->NameInformation.FileName));
AFSDeleteDirEntry( ObjectInfoCB, AFSDeleteDirEntry( ObjectInfoCB,
pCurrentDirEntry); &pCurrentDirEntry);
} }
else else
{ {

71
src/WINNT/afsrdr/kernel/lib/AFSNameSupport.cpp
View File

@ -1986,7 +1986,7 @@ AFSLocateNameEntry( IN GUID *AuthGroup,
// //
AFSDeleteDirEntry( pParentObjectInfo, AFSDeleteDirEntry( pParentObjectInfo,
pDirEntry); &pDirEntry);
AFSAcquireShared( &pCurrentObject->NonPagedInfo->ObjectInfoLock, AFSAcquireShared( &pCurrentObject->NonPagedInfo->ObjectInfoLock,
TRUE); TRUE);
@ -2477,7 +2477,7 @@ AFSCreateDirEntry( IN GUID *AuthGroup,
lCount)); lCount));
AFSDeleteDirEntry( ParentObjectInfo, AFSDeleteDirEntry( ParentObjectInfo,
pDirNode); &pDirNode);
lCount = InterlockedIncrement( &pExistingDirNode->DirOpenReferenceCount); lCount = InterlockedIncrement( &pExistingDirNode->DirOpenReferenceCount);
@ -2521,7 +2521,7 @@ AFSCreateDirEntry( IN GUID *AuthGroup,
pDirNode->ObjectInformation->FileId.Unique)); pDirNode->ObjectInformation->FileId.Unique));
AFSDeleteDirEntry( ParentObjectInfo, AFSDeleteDirEntry( ParentObjectInfo,
pExistingDirNode); &pExistingDirNode);
} }
else else
{ {
@ -2755,72 +2755,83 @@ AFSInsertDirectoryNode( IN AFSObjectInfoCB *ParentObjectInfo,
void void
AFSDeleteDirEntry( IN AFSObjectInfoCB *ParentObjectInfo, AFSDeleteDirEntry( IN AFSObjectInfoCB *ParentObjectInfo,
IN AFSDirectoryCB *DirEntry) IN AFSDirectoryCB **ppDirEntry)
{ {
LONG lCount; LONG lCount;
AFSDirectoryCB *pDirEntry;
__Enter __Enter
{ {
pDirEntry = (AFSDirectoryCB *) InterlockedCompareExchangePointer( (PVOID *)ppDirEntry,
NULL,
*ppDirEntry);
if ( pDirEntry == NULL)
{
try_return( NOTHING);
}
AFSDbgTrace(( AFS_SUBSYSTEM_CLEANUP_PROCESSING | AFS_SUBSYSTEM_DIRENTRY_REF_COUNTING, AFSDbgTrace(( AFS_SUBSYSTEM_CLEANUP_PROCESSING | AFS_SUBSYSTEM_DIRENTRY_REF_COUNTING,
AFS_TRACE_LEVEL_VERBOSE, AFS_TRACE_LEVEL_VERBOSE,
"AFSDeleteDirEntry Deleting dir entry in parent %p Entry %p object %p %wZ RefCount %d\n", "AFSDeletepDirEntry Deleting dir entry in parent %p Entry %p object %p %wZ RefCount %d\n",
ParentObjectInfo, ParentObjectInfo,
DirEntry, pDirEntry,
DirEntry->ObjectInformation, pDirEntry->ObjectInformation,
&DirEntry->NameInformation.FileName, &pDirEntry->NameInformation.FileName,
DirEntry->DirOpenReferenceCount)); pDirEntry->DirOpenReferenceCount));
ASSERT( DirEntry->DirOpenReferenceCount == 0); ASSERT( pDirEntry->DirOpenReferenceCount == 0);
AFSRemoveDirNodeFromParent( ParentObjectInfo, AFSRemoveDirNodeFromParent( ParentObjectInfo,
DirEntry, pDirEntry,
TRUE); TRUE);
// //
// Free up the name buffer if it was reallocated // Free up the name buffer if it was reallocated
// //
if( BooleanFlagOn( DirEntry->Flags, AFS_DIR_RELEASE_NAME_BUFFER)) if( BooleanFlagOn( pDirEntry->Flags, AFS_DIR_RELEASE_NAME_BUFFER))
{ {
AFSExFreePoolWithTag( DirEntry->NameInformation.FileName.Buffer, 0); AFSExFreePoolWithTag( pDirEntry->NameInformation.FileName.Buffer, 0);
} }
if( BooleanFlagOn( DirEntry->Flags, AFS_DIR_RELEASE_TARGET_NAME_BUFFER)) if( BooleanFlagOn( pDirEntry->Flags, AFS_DIR_RELEASE_TARGET_NAME_BUFFER))
{ {
AFSExFreePoolWithTag( DirEntry->NameInformation.TargetName.Buffer, 0); AFSExFreePoolWithTag( pDirEntry->NameInformation.TargetName.Buffer, 0);
} }
if ( DirEntry->ObjectInformation != NULL) if ( pDirEntry->ObjectInformation != NULL)
{ {
if( BooleanFlagOn( DirEntry->Flags, AFS_DIR_ENTRY_DELETED) && if( BooleanFlagOn( pDirEntry->Flags, AFS_DIR_ENTRY_DELETED) &&
DirEntry->ObjectInformation->Links == 0) pDirEntry->ObjectInformation->Links == 0)
{ {
SetFlag( DirEntry->ObjectInformation->Flags, AFS_OBJECT_FLAGS_DELETED); SetFlag( pDirEntry->ObjectInformation->Flags, AFS_OBJECT_FLAGS_DELETED);
} }
// //
// Dereference the object for this dir entry // Dereference the object for this dir entry
// //
lCount = AFSObjectInfoDecrement( DirEntry->ObjectInformation, lCount = AFSObjectInfoDecrement( pDirEntry->ObjectInformation,
AFS_OBJECT_REFERENCE_DIRENTRY); AFS_OBJECT_REFERENCE_DIRENTRY);
AFSDbgTrace(( AFS_SUBSYSTEM_OBJECT_REF_COUNTING, AFSDbgTrace(( AFS_SUBSYSTEM_OBJECT_REF_COUNTING,
AFS_TRACE_LEVEL_VERBOSE, AFS_TRACE_LEVEL_VERBOSE,
"AFSDeleteDirEntry Decrement count on object %p Cnt %d\n", "AFSDeletepDirEntry Decrement count on object %p Cnt %d\n",
DirEntry->ObjectInformation, pDirEntry->ObjectInformation,
lCount)); lCount));
} }
ExDeleteResourceLite( &DirEntry->NonPaged->Lock); ExDeleteResourceLite( &pDirEntry->NonPaged->Lock);
AFSExFreePoolWithTag( DirEntry->NonPaged, AFS_DIR_ENTRY_NP_TAG); AFSExFreePoolWithTag( pDirEntry->NonPaged, AFS_DIR_ENTRY_NP_TAG);
// //
// Free up the dir entry // Free up the dir entry
@ -2828,10 +2839,14 @@ AFSDeleteDirEntry( IN AFSObjectInfoCB *ParentObjectInfo,
AFSDbgTrace(( AFS_SUBSYSTEM_DIRENTRY_ALLOCATION, AFSDbgTrace(( AFS_SUBSYSTEM_DIRENTRY_ALLOCATION,
AFS_TRACE_LEVEL_VERBOSE, AFS_TRACE_LEVEL_VERBOSE,
"AFSDeleteDirEntry AFS_DIR_ENTRY_TAG deallocating %p\n", "AFSDeletepDirEntry AFS_DIR_ENTRY_TAG deallocating %p\n",
DirEntry)); pDirEntry));
AFSExFreePoolWithTag( DirEntry, AFS_DIR_ENTRY_TAG); AFSExFreePoolWithTag( pDirEntry, AFS_DIR_ENTRY_TAG);
try_exit:
NOTHING;
} }
} }
@ -4325,7 +4340,7 @@ AFSCheckCellName( IN GUID *AuthGroup,
{ {
AFSDeleteDirEntry( &AFSGlobalRoot->ObjectInformation, AFSDeleteDirEntry( &AFSGlobalRoot->ObjectInformation,
pDirNode); &pDirNode);
AFSReleaseResource( AFSGlobalRoot->ObjectInformation.Specific.Directory.DirectoryNodeHdr.TreeLock); AFSReleaseResource( AFSGlobalRoot->ObjectInformation.Specific.Directory.DirectoryNodeHdr.TreeLock);

2
src/WINNT/afsrdr/kernel/lib/AFSWorker.cpp
View File

@ -1322,7 +1322,7 @@ AFSExamineObjectInfo( IN AFSObjectInfoCB * pCurrentObject,
pCurrentDirEntry->ObjectInformation)); pCurrentDirEntry->ObjectInformation));
AFSDeleteDirEntry( pCurrentObject, AFSDeleteDirEntry( pCurrentObject,
pCurrentDirEntry); &pCurrentDirEntry);
pCurrentDirEntry = pNextDirEntry; pCurrentDirEntry = pNextDirEntry;
} }

2
src/WINNT/afsrdr/kernel/lib/Include/AFSCommon.h
View File

@ -591,7 +591,7 @@ AFSInsertDirectoryNode( IN AFSObjectInfoCB *ParentObjectInfo,
void void
AFSDeleteDirEntry( IN AFSObjectInfoCB *ParentObjectInfo, AFSDeleteDirEntry( IN AFSObjectInfoCB *ParentObjectInfo,
IN AFSDirectoryCB *DirEntry); IN AFSDirectoryCB **ppDirEntry);
NTSTATUS NTSTATUS
AFSRemoveDirNodeFromParent( IN AFSObjectInfoCB *ParentObjectInfo, AFSRemoveDirNodeFromParent( IN AFSObjectInfoCB *ParentObjectInfo,