authorKamen Mazdrashki <kamen.mazdrashki@postpath.com>2009-12-06 01:59:42 +0200
committerAndrew Tridgell <tridge@samba.org>2009-12-08 12:39:11 +1100
commitf1d9382b18fbf4b9428759cdeea3894b7871e236 (patch)
treedb4052348a29e3b23c8c63a6c9bd5843053d49ea /source4
parentbf7cc3262e3cbd72a3603d3c648fccfe7ce9829f (diff)
s4/smbstreams: Fix memory use after free.
The bug is that 'streams' is sometimes the talloc parent of 'new_name', so 'new_name' must be duplicated before the 'streams' pointer is freed. Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/ntvfs/posix/pvfs_streams.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/ntvfs/posix/pvfs_streams.c b/source4/ntvfs/posix/pvfs_streams.c
index 4da95432c1..cacd8c1995 100644
--- a/source4/ntvfs/posix/pvfs_streams.c
+++ b/source4/ntvfs/posix/pvfs_streams.c
@@ -304,11 +304,15 @@ NTSTATUS pvfs_stream_rename(struct pvfs_state *pvfs, struct pvfs_filename *name,
}
status = pvfs_streams_save(pvfs, name, fd, streams);
- talloc_free(streams);
- /* update the in-memory copy of the name of the open file */
- talloc_free(name->stream_name);
- name->stream_name = talloc_strdup(name, new_name);
+ if (NT_STATUS_IS_OK(status)) {
+
+ /* update the in-memory copy of the name of the open file */
+ talloc_free(name->stream_name);
+ name->stream_name = talloc_strdup(name, new_name);
+
+ talloc_free(streams);
+ }
return status;
}
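Review bot: `talloc_free(streams)` now sits inside the `NT_STATUS_IS_OK(status)` branch, so when `pvfs_streams_save()` fails the `streams` list is no longer released here; it is allocated above the hunk, so whether it is reclaimed later depends on the talloc parent it was given. The result of `talloc_strdup(name, new_name)` is also stored unchecked after the old `name->stream_name` has been freed, which on allocation failure leaves a NULL stream name behind an OK status. Duplicating first, swapping only when the copy succeeded, and freeing `streams` on every path keeps the use-after-free fix and closes both gaps. Returning NT_STATUS_NO_MEMORY after the save has already succeeded is a judgement call for the maintainers. The body of pvfs_stream_rename starts outside the hunk.

```c
	status = pvfs_streams_save(pvfs, name, fd, streams);

	if (NT_STATUS_IS_OK(status)) {
		/* copy while 'streams' (a possible parent of new_name) is still alive */
		char *dup_name = talloc_strdup(name, new_name);
		if (dup_name == NULL) {
			status = NT_STATUS_NO_MEMORY;
		} else {
			/* update the in-memory copy of the name of the open file */
			talloc_free(name->stream_name);
			name->stream_name = dup_name;
		}
	}

	/* released on success and failure alike, after new_name was copied */
	talloc_free(streams);

	return status;
```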