From: Matthias Pitzl <silamael@coronamundi.de>
Date: Thu, 17 Nov 2011 09:40:29 +0000 (-0700)
Subject: Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
X-Git-Tag: SQUID_3_1_17~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb4176472d8647cf96ffe23e57b4266d2e9e8938;p=thirdparty%2Fsquid.git

Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new

Also localized the header variable as it may be destroyed at any time.
---

diff --git a/src/fs/ufs/store_dir_ufs.cc b/src/fs/ufs/store_dir_ufs.cc
index 092b2f552e..7e79850519 100644
--- a/src/fs/ufs/store_dir_ufs.cc
+++ b/src/fs/ufs/store_dir_ufs.cc
@@ -768,7 +768,6 @@ UFSSwapDir::openTmpSwapLog(int *clean_flag, int *zero_flag)
     struct stat clean_sb;
     FILE *fp;
     int fd;
-    StoreSwapLogHeader *head;
 
     if (::stat(swaplog_path, &log_sb) < 0) {
         debugs(47, 1, "Cache Dir #" << index << ": No log file");
@@ -794,10 +793,11 @@ UFSSwapDir::openTmpSwapLog(int *clean_flag, int *zero_flag)
 
     swaplog_fd = fd;
 
-    head = new StoreSwapLogHeader;
-
-    file_write(swaplog_fd, -1, head, head->record_size,
-               NULL, NULL, FreeHeader);
+    {
+        StoreSwapLogHeader *header = new StoreSwapLogHeader;
+        file_write(swaplog_fd, -1, header, sizeof(*header),
+                   NULL, NULL, FreeHeader);
+    }
 
     /* open a read-only stream of the old log */
     fp = fopen(swaplog_path, "rb");