summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAravind Srinivasan <aravind.srinivasan@isilon.com>2009-09-02 17:20:21 +0000
committerTim Prouty <tprouty@samba.org>2009-09-24 10:59:33 -0700
commitc870043b27dff10010e45358d924cbdd688f6555 (patch)
tree3fc8798b6312299a16fe027f7b76a820bc7c86d3 /source3
parent42c3eca0d5ccbe116d7b101bc9adaa3b39ca5da2 (diff)
downloadsamba-c870043b27dff10010e45358d924cbdd688f6555.tar.gz
samba-c870043b27dff10010e45358d924cbdd688f6555.tar.bz2
samba-c870043b27dff10010e45358d924cbdd688f6555.zip
vfs catia: Fix a possible NULL dereference
Also free some unfreed memory. Signed-off-by: Tim Prouty <tprouty@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/modules/vfs_catia.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index 0917812ee2..d4001347ce 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c
@@ -393,12 +393,14 @@ static int catia_rename(vfs_handle_struct *handle,
TALLOC_CTX *ctx = talloc_tos();
struct smb_filename *smb_fname_src_tmp = NULL;
struct smb_filename *smb_fname_dst_tmp = NULL;
+ char *src_name_mapped = NULL;
+ char *dst_name_mapped = NULL;
NTSTATUS status;
int ret = -1;
status = catia_string_replace_allocate(handle->conn,
smb_fname_src->base_name,
- &(smb_fname_src_tmp->base_name), TO_UNIX);
+ &src_name_mapped, TO_UNIX);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
@@ -406,7 +408,7 @@ static int catia_rename(vfs_handle_struct *handle,
status = catia_string_replace_allocate(handle->conn,
smb_fname_dst->base_name,
- &(smb_fname_dst_tmp->base_name), TO_UNIX);
+ &dst_name_mapped, TO_UNIX);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
@@ -426,6 +428,8 @@ static int catia_rename(vfs_handle_struct *handle,
goto out;
}
+ smb_fname_src_tmp->base_name = src_name_mapped;
+ smb_fname_dst_tmp->base_name = dst_name_mapped;
DEBUG(10, ("converted old name: %s\n",
smb_fname_str_dbg(smb_fname_src_tmp)));
DEBUG(10, ("converted new name: %s\n",
@@ -434,6 +438,8 @@ static int catia_rename(vfs_handle_struct *handle,
ret = SMB_VFS_NEXT_RENAME(handle, smb_fname_src_tmp,
smb_fname_dst_tmp);
out:
+ TALLOC_FREE(src_name_mapped);
+ TALLOC_FREE(dst_name_mapped);
TALLOC_FREE(smb_fname_src_tmp);
TALLOC_FREE(smb_fname_dst_tmp);
return ret;
@@ -652,6 +658,7 @@ static int catia_ntimes(vfs_handle_struct *handle,
smb_fname_tmp->base_name = name;
ret = SMB_VFS_NEXT_NTIMES(handle, smb_fname_tmp, ft);
+ TALLOC_FREE(name);
TALLOC_FREE(smb_fname_tmp);
return ret;