From 86ef60fdfcdc29d80b4169b5d2218f801aec81dc Mon Sep 17 00:00:00 2001 From: jmarcus Date: Thu, 17 Jan 2002 16:13:34 +0000 Subject: [PATCH] Fixes from didier to not use a freed pointer in when closing an afp_dsi session, and to not return 0 for as an OForkRefNum (per Apple spec). --- etc/afpd/afp_dsi.c | 6 +++--- etc/afpd/ofork.c | 26 ++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/etc/afpd/afp_dsi.c b/etc/afpd/afp_dsi.c index 37d92981..20807e97 100644 --- a/etc/afpd/afp_dsi.c +++ b/etc/afpd/afp_dsi.c @@ -1,5 +1,5 @@ /* - * $Id: afp_dsi.c,v 1.16 2002-01-04 04:45:47 sibaz Exp $ + * $Id: afp_dsi.c,v 1.17 2002-01-17 16:13:34 jmarcus Exp $ * * Copyright (c) 1999 Adrian Sun (asun@zoology.washington.edu) * Copyright (c) 1990,1993 Regents of The University of Michigan. @@ -57,13 +57,13 @@ static __inline__ void afp_dsi_close(AFPObj *obj) if (obj->logout) (*obj->logout)(); - dsi_close(dsi); - /* UAM had syslog control; afpd needs to reassert itself */ set_processname("afpd"); syslog_setup(log_debug, logtype_default, logoption_ndelay | logoption_pid, logfacility_daemon); LOG(log_info, logtype_default, "%.2fKB read, %.2fKB written", dsi->read_count/1024.0, dsi->write_count/1024.0); + + dsi_close(dsi); } /* a little bit of code duplication. */ diff --git a/etc/afpd/ofork.c b/etc/afpd/ofork.c index 0e5a68c5..bd6d778a 100644 --- a/etc/afpd/ofork.c +++ b/etc/afpd/ofork.c @@ -1,5 +1,5 @@ /* - * $Id: ofork.c,v 1.8 2002-01-04 04:45:47 sibaz Exp $ + * $Id: ofork.c,v 1.9 2002-01-17 16:13:34 jmarcus Exp $ * * Copyright (c) 1996 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -152,11 +152,33 @@ struct adouble *ad; return NULL; } - for ( refnum = lastrefnum++, i = 0; i < nforks; i++, refnum++ ) { + for ( refnum = ++lastrefnum, i = 0; i < nforks; i++, refnum++ ) { + /* cf AFP3.0.pdf, File fork page 40 */ + if (!refnum) + refnum++; if ( oforks[ refnum % nforks ] == NULL ) { break; } } + /* grr, Apple and their 'uniquely identifies' + the next line is a protection against + of_alloc() + refnum % nforks = 3 + lastrefnum = 3 + oforks[3] != NULL + refnum = 4 + oforks[4] == NULL + return 4 + + close(oforks[4]) + + of_alloc() + refnum % nforks = 4 + ... + return 4 + same if lastrefnum++ rather than ++lastrefnum. + */ + lastrefnum = refnum; if ( i == nforks ) { LOG(log_error, logtype_default, "of_alloc: maximum number of forks exceeded."); return( NULL ); -- 2.39.2