summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/nttrans.c22
1 files changed, 8 insertions, 14 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index aed237fc65..c19ba6519f 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1269,7 +1269,6 @@ static void call_nt_transact_create(connection_struct *conn,
struct timespec a_timespec;
struct timespec m_timespec;
struct ea_list *ea_list = NULL;
- char *pdata = NULL;
NTSTATUS status;
size_t param_len;
struct case_semantics_state *case_state = NULL;
@@ -1344,6 +1343,14 @@ static void call_nt_transact_create(connection_struct *conn,
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
+
+ /* We have already checked that ea_len <= data_count here. */
+ ea_list = read_nttrans_ea_list(talloc_tos(), data + sd_len,
+ ea_len);
+ if (ea_list == NULL) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
}
srvstr_get_path(ctx, params, req->flags2, &fname,
@@ -1539,19 +1546,6 @@ static void call_nt_transact_create(connection_struct *conn,
}
#endif
- if (ea_len) {
- pdata = data + sd_len;
-
- /* We have already checked that ea_len <= data_count here. */
- ea_list = read_nttrans_ea_list(talloc_tos(), pdata,
- ea_len);
- if (!ea_list ) {
- TALLOC_FREE(case_state);
- reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
- }
- }
-
/*
* If it's a request for a directory open, deal with it separately.
*/