diff options
author | Kamen Mazdrashki <kamen.mazdrashki@postpath.com> | 2009-12-06 01:59:42 +0200 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-12-08 12:39:11 +1100 |
commit | f1d9382b18fbf4b9428759cdeea3894b7871e236 (patch) | |
tree | db4052348a29e3b23c8c63a6c9bd5843053d49ea /source4 | |
parent | bf7cc3262e3cbd72a3603d3c648fccfe7ce9829f (diff) | |
download | samba-f1d9382b18fbf4b9428759cdeea3894b7871e236.tar.gz samba-f1d9382b18fbf4b9428759cdeea3894b7871e236.tar.bz2 samba-f1d9382b18fbf4b9428759cdeea3894b7871e236.zip |
s4/smbstreams: Fix memory use after free.
The bug is that sometimes 'streams' is parent for 'new_name'.
With this said, 'new_name' must be dupped before 'streams'
pointer is freed.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ntvfs/posix/pvfs_streams.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/ntvfs/posix/pvfs_streams.c b/source4/ntvfs/posix/pvfs_streams.c index 4da95432c1..cacd8c1995 100644 --- a/source4/ntvfs/posix/pvfs_streams.c +++ b/source4/ntvfs/posix/pvfs_streams.c @@ -304,11 +304,15 @@ NTSTATUS pvfs_stream_rename(struct pvfs_state *pvfs, struct pvfs_filename *name, } status = pvfs_streams_save(pvfs, name, fd, streams); - talloc_free(streams); - /* update the in-memory copy of the name of the open file */ - talloc_free(name->stream_name); - name->stream_name = talloc_strdup(name, new_name); + if (NT_STATUS_IS_OK(status)) { + + /* update the in-memory copy of the name of the open file */ + talloc_free(name->stream_name); + name->stream_name = talloc_strdup(name, new_name); + + talloc_free(streams); + } return status; } |