Fix a crash when accessing ._ files, bug #564

At least FreeBSD is picky in that it requires PROT_READ if we're going
to read a mmap()ed memory region mapped, only specifying PROT_WRITE
doesn't imply PROT_READ. Other OSen seem to handle this differently.

Also add a missing pointer reinitialisation to the buf pointer.

Reported-by: Sean Eric Fagan
Signed-off-by: Ralph Boehme <rb@sernet.de>

diff --git a/NEWS b/NEWS
index f305674be90e77d4f5480d0c6b1bcdf0d308890c..2f5807d22235f37665eb9f327dd1d49f7018689e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ Changes in 3.1.3
 * FIX: afpd: Unarchiving certain ZIP archives fails, bug #569
 * UPD: Update Unicode support to version 7.0.0
 * FIX: Memory overflow caused by 'basedir regex', bug #567
+* FIX: afpd: fix a crash when accessing ._ AppleDouble files created
+       by OS X via SMB, bug #564
 
 Changes in 3.1.2
 ================

diff --git a/libatalk/adouble/ad_open.c b/libatalk/adouble/ad_open.c
index 85a32a11518f9296c56cdec84f912aa763286498..14f2caa4b87721ec02f34e47765b9e22e466bec9 100644 (file)
--- a/libatalk/adouble/ad_open.c
+++ b/libatalk/adouble/ad_open.c
@@ -588,7 +588,7 @@ static int ad_convert_osx(const char *path, struct adouble *ad)
 
     origlen = ad_getentryoff(ad, ADEID_RFORK) + ad_getentrylen(ad, ADEID_RFORK);
 
-    map = mmap(NULL, origlen, PROT_WRITE, MAP_SHARED, ad_reso_fileno(ad), 0);
+    map = mmap(NULL, origlen, PROT_READ | PROT_WRITE, MAP_SHARED, ad_reso_fileno(ad), 0);
     if (map == MAP_FAILED) {
         LOG(log_error, logtype_ad, "mmap AppleDouble: %s\n", strerror(errno));
         EC_FAIL;
@@ -639,7 +639,7 @@ static int ad_header_read_osx(const char *path, struct adouble *ad, const struct
 {
     EC_INIT;
     struct adouble      adosx;
-    char                *buf = &adosx.ad_data[0];
+    char                *buf;
     uint16_t            nentries;
     int                 len;
     ssize_t             header_len;
@@ -649,6 +649,7 @@ static int ad_header_read_osx(const char *path, struct adouble *ad, const struct
 reread:
     LOG(log_debug, logtype_ad, "ad_header_read_osx: %s", path ? fullpathname(path) : "");
     ad_init_old(&adosx, AD_VERSION_EA, ad->ad_options);
+    buf = &adosx.ad_data[0];
     memset(buf, 0, sizeof(adosx.ad_data));
     adosx.ad_rfp->adf_fd = ad_reso_fileno(ad);