diff options
| author | Aravind Srinivasan <aravind.srinivasan@isilon.com> | 2009-09-02 17:20:21 +0000 |
|---|---|---|
| committer | Tim Prouty <tprouty@samba.org> | 2009-09-24 10:59:33 -0700 |
| commit | c870043b27dff10010e45358d924cbdd688f6555 (patch) | |
| tree | 3fc8798b6312299a16fe027f7b76a820bc7c86d3 /source3 | |
| parent | 42c3eca0d5ccbe116d7b101bc9adaa3b39ca5da2 (diff) | |
| download | samba-c870043b27dff10010e45358d924cbdd688f6555.tar.gz samba-c870043b27dff10010e45358d924cbdd688f6555.tar.bz2 samba-c870043b27dff10010e45358d924cbdd688f6555.zip | |
vfs catia: Fix a possible NULL dereference
Also free some unfreed memory.
Signed-off-by: Tim Prouty <tprouty@samba.org>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/modules/vfs_catia.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c index 0917812ee2..d4001347ce 100644 --- a/source3/modules/vfs_catia.c +++ b/source3/modules/vfs_catia.c @@ -393,12 +393,14 @@ static int catia_rename(vfs_handle_struct *handle, TALLOC_CTX *ctx = talloc_tos(); struct smb_filename *smb_fname_src_tmp = NULL; struct smb_filename *smb_fname_dst_tmp = NULL; + char *src_name_mapped = NULL; + char *dst_name_mapped = NULL; NTSTATUS status; int ret = -1; status = catia_string_replace_allocate(handle->conn, smb_fname_src->base_name, - &(smb_fname_src_tmp->base_name), TO_UNIX); + &src_name_mapped, TO_UNIX); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; @@ -406,7 +408,7 @@ static int catia_rename(vfs_handle_struct *handle, status = catia_string_replace_allocate(handle->conn, smb_fname_dst->base_name, - &(smb_fname_dst_tmp->base_name), TO_UNIX); + &dst_name_mapped, TO_UNIX); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; @@ -426,6 +428,8 @@ static int catia_rename(vfs_handle_struct *handle, goto out; } + smb_fname_src_tmp->base_name = src_name_mapped; + smb_fname_dst_tmp->base_name = dst_name_mapped; DEBUG(10, ("converted old name: %s\n", smb_fname_str_dbg(smb_fname_src_tmp))); DEBUG(10, ("converted new name: %s\n", @@ -434,6 +438,8 @@ static int catia_rename(vfs_handle_struct *handle, ret = SMB_VFS_NEXT_RENAME(handle, smb_fname_src_tmp, smb_fname_dst_tmp); out: + TALLOC_FREE(src_name_mapped); + TALLOC_FREE(dst_name_mapped); TALLOC_FREE(smb_fname_src_tmp); TALLOC_FREE(smb_fname_dst_tmp); return ret; @@ -652,6 +658,7 @@ static int catia_ntimes(vfs_handle_struct *handle, smb_fname_tmp->base_name = name; ret = SMB_VFS_NEXT_NTIMES(handle, smb_fname_tmp, ft); + TALLOC_FREE(name); TALLOC_FREE(smb_fname_tmp); return ret; |