From: Matthias Pitzl <silamael@coronamundi.de>
Date: Tue, 8 Nov 2011 15:00:17 +0000 (-0700)
Subject: Bug 3408: Wrong header length leads to EFAULTs when cretating UFS swap.log.new.
X-Git-Tag: BumpSslServerFirst.take01~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=95ec9c9d886d33a4bca04e36bdaab6af94fe1321;p=thirdparty%2Fsquid.git

Bug 3408: Wrong header length leads to EFAULTs when cretating UFS swap.log.new.

Also localized the header variable as it may be destroyed at any time.
---

diff --git a/src/fs/ufs/store_dir_ufs.cc b/src/fs/ufs/store_dir_ufs.cc
index 7ee1df8cf5..449d5d6f0f 100644
--- a/src/fs/ufs/store_dir_ufs.cc
+++ b/src/fs/ufs/store_dir_ufs.cc
@@ -777,7 +777,6 @@ UFSSwapDir::openTmpSwapLog(int *clean_flag, int *zero_flag)
     struct stat clean_sb;
     FILE *fp;
     int fd;
-    StoreSwapLogHeader *head;
 
     if (::stat(swaplog_path, &log_sb) < 0) {
         debugs(47, 1, "Cache Dir #" << index << ": No log file");
@@ -803,10 +802,11 @@ UFSSwapDir::openTmpSwapLog(int *clean_flag, int *zero_flag)
 
     swaplog_fd = fd;
 
-    head = new StoreSwapLogHeader;
-
-    file_write(swaplog_fd, -1, head, head->record_size,
-               NULL, NULL, FreeHeader);
+    {
+        StoreSwapLogHeader *header = new StoreSwapLogHeader;
+        file_write(swaplog_fd, -1, header, sizeof(*header),
+                   NULL, NULL, FreeHeader);
+    }
 
     /* open a read-only stream of the old log */
     fp = fopen(swaplog_path, "rb");