s3:modules:recycle - fix crash in recycle_unlink_internal

Original logic for separating path from base name assumed
that we were using same string to determine offset when
getting the parent dir name (smb_fname->base_name).

Simplify by using parent_dirname() to split the path
from base name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14888

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 30 04:34:53 UTC 2021 on sn-devel-184

diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 1c18f232c32f8e66f0fbf7fe74b97a3f05bac50d..6e65794311031a2743607460ae445dc876971d49 100644 (file)
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -571,17 +571,10 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
         */
 
        /* extract filename and path */
-       base = strrchr(full_fname->base_name, '/');
-       if (base == NULL) {
-               base = full_fname->base_name;
-               path_name = SMB_STRDUP("/");
-               ALLOC_CHECK(path_name, done);
-       }
-       else {
-               path_name = SMB_STRDUP(full_fname->base_name);
-               ALLOC_CHECK(path_name, done);
-               path_name[base - smb_fname->base_name] = '\0';
-               base++;
+       if (!parent_dirname(talloc_tos(), full_fname->base_name, &path_name, &base)) {
+               rc = -1;
+               errno = ENOMEM;
+               goto done;
        }
 
        /* original filename with path */
@@ -716,7 +709,7 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
                                 recycle_touch_mtime(handle));
 
 done:
-       SAFE_FREE(path_name);
+       TALLOC_FREE(path_name);
        SAFE_FREE(temp_name);
        SAFE_FREE(final_name);
        TALLOC_FREE(full_fname);