From 8d1b81926d95f149936f3eb0a50355707d6c8bfa Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Fri, 19 Jun 2009 16:00:23 +0200
Subject: Fix Coverity IDs 922 and 933
In copy_internals(), if the !CAN_WRITE(conn) kicks in, we end up dereferencing a NULL smb_filename. This adds a simple protection around it. Tim, please check! Volker
---
 source3/include/proto.h | 2 +-
 source3/smbd/filename.c | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 74406fdeac..ffd2858594 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6372,7 +6372,7 @@ NTSTATUS create_synthetic_smb_fname_split(TALLOC_CTX *ctx,
 const char *fname,
 SMB_STRUCT_STAT *psbuf,
 struct smb_filename **smb_fname_out);
-char *smb_fname_str_dbg(const struct smb_filename *smb_fname);
+const char *smb_fname_str_dbg(const struct smb_filename *smb_fname);
 NTSTATUS copy_smb_filename(TALLOC_CTX *ctx,
 const struct smb_filename *smb_fname_in,
 struct smb_filename **smb_fname_out);
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index e1e54549f7..9854407a70 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -164,14 +164,17 @@ NTSTATUS create_synthetic_smb_fname_split(TALLOC_CTX *ctx,
 /**
 * Return a string using the debug_ctx()
 */
-char *smb_fname_str_dbg(const struct smb_filename *smb_fname)
+const char *smb_fname_str_dbg(const struct smb_filename *smb_fname)
 {
 char *fname = NULL;
 NTSTATUS status;
+ if (smb_fname == NULL) {
+ return "";
+ }
 status = get_full_smb_filename(debug_ctx(), smb_fname, &fname);
 if (!NT_STATUS_IS_OK(status)) {
- fname = talloc_strdup(debug_ctx(), "");
+ return "";
 }
 return fname;
 }
-- cgit
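Review bot: In smb_fname_str_dbg() (source3/smbd/filename.c) the doc comment still reads "Return a string using the debug_ctx()", but the new NULL guard and the failure branch both return the static literal `""`, so the result is no longer always talloc memory. The comment should say so, e.g. `/** Return a debug string for smb_fname: talloc'ed on debug_ctx(), or a static "" if smb_fname is NULL or the name cannot be built; callers must not free or modify it. */`. Returning `""` also makes a NULL smb_fname indistinguishable from an empty name in the logs; a marker such as `return "(null)";` in the guard would keep the condition visible when triaging. The guard protects only this debug helper; going by the commit message, the NULL smb_filename originates in copy_internals(), which is not part of this diff, so any other dereference there would presumably still need its own check.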