I've just released a new version of ACLSEARCH. This utility has recently seen extensive use by Tony McGrath. Tony has not only been finding issues with my DCL, but he uncovered a really interesting bug in ACLSEARCH.
Turns out that because ACE's can't span headers if they overflow into extension headers, the file system will leave unused space at the end of the ACL area, and describe the unused space as valid.
The difference between two file header variables describe the length of the ACL area: FH2$B_RSOFFSET
and FH2$B_ACOFFSET
.
Both of these are a count of the number of 16 bit words, so we need to multiply by 2 to obtain the number of bytes for the ACL area.
The interesting bit is that if you take the ACE$B_SIZE
values for the (valid) ACEs in the area and add them all up, it may or may not equal the difference of the two header variables. This was confusing the code, to put it mildly.
Tony came up with a good suggestion that corrected the issue, and the new version incorporates his mods. I've also reworked some of the more esoteric "does this ACE match?" logic that I'd previously coded, but never personally needed (so I didn't test it very well ;-)
Posted at October 1, 2013 1:05 PMComments are closed