osquery-1/osquery/events
William Woodruff 3f70f94b0a
events/windows: Prevent overly eager old name record handling (#6208)
This fixes the verbosity observed in #5371 (review):

A quick summary: FileReferenceNumber doesn't have an operator== for integers, but C++ gets clever and implicitly provides one because of the FileReferenceNumber(DWORDLONG) constructor. This ends up providing the wrong implicit comparison behavior, resulting in the branch below always being taken (and consequently erroring, since no old name record is actually present). This fix changes the comparison to drive_letter, which will always be compared correctly and will only be 0U in the case we want to test.
2020-01-31 09:34:44 -05:00
benchmarks Replace Status(0) calls with Status::success() to appease Lint (#5487) 2019-03-01 04:29:33 -08:00
darwin Replace Status(0) calls with Status::success() to appease Lint (#5487) 2019-03-01 04:29:33 -08:00
linux Prevent Audit from stalling Linux system services (#5959) 2019-11-01 21:26:00 -04:00
tests events/windows: Prevent overly eager old name record handling (#6208) 2020-01-31 09:34:44 -05:00
windows events/windows: Prevent overly eager old name record handling (#6208) 2020-01-31 09:34:44 -05:00
BUCK (Windows) New table: ntfs_journal_events (#5371) 2019-12-31 19:22:44 -05:00
CMakeLists.txt (Windows) New table: ntfs_journal_events (#5371) 2019-12-31 19:22:44 -05:00
events.cpp bug: Use RecursiveMutex and additional read locking on getEventSubscriber (#5841) 2019-10-02 01:02:24 -04:00
pathset.h Update osquery licensing wording (#5452) 2019-02-19 10:59:48 -08:00