From: Craig A. Berry Date: Thu, 31 May 2007 22:17:17 +0000 (+0000) Subject: Maintain UAF context across calls to sys$check_access in cando_by_name. X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=6151c65c62ce7952920524e0fc7266714fb41c2f;p=p5sagit%2Fp5-mst-13.2.git Maintain UAF context across calls to sys$check_access in cando_by_name. p4raw-id: //depot/perl@31320 --- diff --git a/vms/vms.c b/vms/vms.c index 297e0b0..e3c4771 100644 --- a/vms/vms.c +++ b/vms/vms.c @@ -10938,6 +10938,7 @@ Perl_cando_by_name_int struct itmlst_3 usrprolst[2] = {{sizeof curprv, CHP$_PRIV, &curprv, &retlen}, {0,0,0,0}}; struct dsc$descriptor_s usrprodsc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; + static int profile_context = -1; if (!fname || !*fname) return FALSE; /* Make sure we expand logical names, since sys$check_access doesn't */ @@ -11010,16 +11011,16 @@ Perl_cando_by_name_int /* find out the space required for the profile */ _ckvmssts(sys$create_user_profile(&usrdsc,&usrprolst,0,0, - &usrprodsc.dsc$w_length,0)); + &usrprodsc.dsc$w_length,&profile_context)); /* allocate space for the profile and get it filled in */ usrprodsc.dsc$a_pointer = PerlMem_malloc(usrprodsc.dsc$w_length); if (usrprodsc.dsc$a_pointer == NULL) _ckvmssts(SS$_INSFMEM); _ckvmssts(sys$create_user_profile(&usrdsc,&usrprolst,0,usrprodsc.dsc$a_pointer, - &usrprodsc.dsc$w_length,0)); + &usrprodsc.dsc$w_length,&profile_context)); /* use the profile to check access to the file; free profile & analyze results */ - retsts = sys$check_access(&objtyp,&namdsc,0,armlst,0,0,0,&usrprodsc); + retsts = sys$check_access(&objtyp,&namdsc,0,armlst,&profile_context,0,0,&usrprodsc); PerlMem_free(usrprodsc.dsc$a_pointer); if (retsts == SS$_NOCALLPRIV) retsts = SS$_NOPRIV; /* not really 3rd party */