diff options
author | Volker Lendecke <vl@samba.org> | 2009-06-19 16:00:23 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2009-06-19 16:25:10 +0200 |
commit | 8d1b81926d95f149936f3eb0a50355707d6c8bfa (patch) | |
tree | 0c884a06969c0eb00e88fc03cb3c696f0a3a7dc3 | |
parent | 4ad43a21344b43f1c9fe459165098bcab1695711 (diff) | |
download | samba-8d1b81926d95f149936f3eb0a50355707d6c8bfa.tar.gz samba-8d1b81926d95f149936f3eb0a50355707d6c8bfa.tar.bz2 samba-8d1b81926d95f149936f3eb0a50355707d6c8bfa.zip |
Fix Coverity IDs 922 and 933
In copy_internals(), if the !CAN_WRITE(conn) kicks in, we end up
dereferencing a NULL smb_filename.
This adds a simple protection around it.
Tim, please check!
Volker
-rw-r--r-- | source3/include/proto.h | 2 | ||||
-rw-r--r-- | source3/smbd/filename.c | 7 |
2 files changed, 6 insertions, 3 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 74406fdeac..ffd2858594 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6372,7 +6372,7 @@ NTSTATUS create_synthetic_smb_fname_split(TALLOC_CTX *ctx, const char *fname, SMB_STRUCT_STAT *psbuf, struct smb_filename **smb_fname_out); -char *smb_fname_str_dbg(const struct smb_filename *smb_fname); +const char *smb_fname_str_dbg(const struct smb_filename *smb_fname); NTSTATUS copy_smb_filename(TALLOC_CTX *ctx, const struct smb_filename *smb_fname_in, struct smb_filename **smb_fname_out); diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index e1e54549f7..9854407a70 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -164,14 +164,17 @@ NTSTATUS create_synthetic_smb_fname_split(TALLOC_CTX *ctx, /** * Return a string using the debug_ctx() */ -char *smb_fname_str_dbg(const struct smb_filename *smb_fname) +const char *smb_fname_str_dbg(const struct smb_filename *smb_fname) { char *fname = NULL; NTSTATUS status; + if (smb_fname == NULL) { + return ""; + } status = get_full_smb_filename(debug_ctx(), smb_fname, &fname); if (!NT_STATUS_IS_OK(status)) { - fname = talloc_strdup(debug_ctx(), ""); + return ""; } return fname; } |