diff options
-rw-r--r-- | source3/smbd/nttrans.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index aed237fc65..c19ba6519f 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1269,7 +1269,6 @@ static void call_nt_transact_create(connection_struct *conn, struct timespec a_timespec; struct timespec m_timespec; struct ea_list *ea_list = NULL; - char *pdata = NULL; NTSTATUS status; size_t param_len; struct case_semantics_state *case_state = NULL; @@ -1344,6 +1343,14 @@ static void call_nt_transact_create(connection_struct *conn, reply_nterror(req, NT_STATUS_INVALID_PARAMETER); return; } + + /* We have already checked that ea_len <= data_count here. */ + ea_list = read_nttrans_ea_list(talloc_tos(), data + sd_len, + ea_len); + if (ea_list == NULL) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; + } } srvstr_get_path(ctx, params, req->flags2, &fname, @@ -1539,19 +1546,6 @@ static void call_nt_transact_create(connection_struct *conn, } #endif - if (ea_len) { - pdata = data + sd_len; - - /* We have already checked that ea_len <= data_count here. */ - ea_list = read_nttrans_ea_list(talloc_tos(), pdata, - ea_len); - if (!ea_list ) { - TALLOC_FREE(case_state); - reply_nterror(req, NT_STATUS_INVALID_PARAMETER); - return; - } - } - /* * If it's a request for a directory open, deal with it separately. */ |