From 3988114e763aceb0d06ffb9a64549dec5a9500ff Mon Sep 17 00:00:00 2001
From: Ralph Boehme
Date: Wed, 18 Jun 2014 16:54:24 +0200
Subject: [PATCH] Fix a crash when accessing ._ files, bug #564
At least FreeBSD is picky in that it requires PROT_READ if we're going to read a mmap()ed memory region mapped, only specifying PROT_WRITE doesn't imply PROT_READ. Other OSen seem to handle this differently. Also add a missing pointer reinitialisation to the buf pointer.
Reported-by: Sean Eric Fagan
Signed-off-by: Ralph Boehme
---
 NEWS | 2 ++
 libatalk/adouble/ad_open.c | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index f305674b..2f5807d2 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ Changes in 3.1.3
 * FIX: afpd: Unarchiving certain ZIP archives fails, bug #569
 * UPD: Update Unicode support to version 7.0.0
 * FIX: Memory overflow caused by 'basedir regex', bug #567
+* FIX: afpd: fix a crash when accessing ._ AppleDouble files created
+ by OS X via SMB, bug #564
 Changes in 3.1.2
 ================
diff --git a/libatalk/adouble/ad_open.c b/libatalk/adouble/ad_open.c
index 85a32a11..14f2caa4 100644
--- a/libatalk/adouble/ad_open.c
+++ b/libatalk/adouble/ad_open.c
@@ -588,7 +588,7 @@ static int ad_convert_osx(const char *path, struct adouble *ad)
 origlen = ad_getentryoff(ad, ADEID_RFORK) + ad_getentrylen(ad, ADEID_RFORK);
- map = mmap(NULL, origlen, PROT_WRITE, MAP_SHARED, ad_reso_fileno(ad), 0);
+ map = mmap(NULL, origlen, PROT_READ | PROT_WRITE, MAP_SHARED, ad_reso_fileno(ad), 0);
 if (map == MAP_FAILED) {
 LOG(log_error, logtype_ad, "mmap AppleDouble: %s\n", strerror(errno));
 EC_FAIL;
@@ -639,7 +639,7 @@ static int ad_header_read_osx(const char *path, struct adouble *ad, const struct
 {
 EC_INIT;
 struct adouble adosx;
- char *buf = &adosx.ad_data[0];
+ char *buf;
 uint16_t nentries;
 int len;
 ssize_t header_len;
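Review bot: In ad_convert_osx, `origlen` is the sum of the resource-fork entry offset and length and goes straight into mmap() as the mapping length; nothing visible in this hunk compares it with the real size of the file behind `ad_reso_fileno(ad)`. Those two values appear to be taken from the AppleDouble header of a file that a client can write (the NEWS entry names ._ files created by OS X via SMB), so a header claiming more data than the file holds would presumably let a later access to the MAP_SHARED mapping run past end of file and raise SIGBUS, which is another afpd crash of the kind this commit is fixing. The function body starts and ends outside the hunk, so an earlier check may already exist; if it does not, a guard before the mmap() call along the lines of `struct stat st;` and `if (fstat(ad_reso_fileno(ad), &st) != 0 || origlen > st.st_size) EC_FAIL;` would bound the length by what is on disk (adjust the comparison to the declared type of `origlen`, which is not shown here).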
@@ -649,6 +649,7 @@ static int ad_header_read_osx(const char *path, struct adouble *ad, const struct
 reread:
 LOG(log_debug, logtype_ad, "ad_header_read_osx: %s", path ? fullpathname(path) : "");
 ad_init_old(&adosx, AD_VERSION_EA, ad->ad_options);
+ buf = &adosx.ad_data[0];
 memset(buf, 0, sizeof(adosx.ad_data));
 adosx.ad_rfp->adf_fd = ad_reso_fileno(ad);
-- 
2.39.2
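Review bot: The assignment `buf = &adosx.ad_data[0];` added after the `reread:` label has no comment saying why it must sit there rather than at the declaration, which the preceding hunk reduces to a bare `char *buf;`. A one-line comment above it, for example `/* reset on every pass through reread: buf must point at the start of ad_data again */`, would keep a later tidy-up from folding the assignment back into the declaration. The lines between the declaration and the label are outside both hunks, so it is worth confirming that nothing there reads `buf` before this assignment. Declaring it as `char *buf = NULL;` would make any such use fault immediately instead of going through an indeterminate pointer.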