From: Volker Lendecke <vl@samba.org>
Date: Wed, 9 Mar 2022 11:58:40 +0000 (+0100)
Subject: smbd: Make non_widelink_open() robust for non-cwd dirfsp
X-Git-Tag: tevent-0.12.0~350
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=280e9191cbf8a766e69ab138450f2beccbedd879;p=thirdparty%2Fsamba.git

smbd: Make non_widelink_open() robust for non-cwd dirfsp

If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir
to the parent pathname, and thus we also don't overwrite
fsp->base_fsp.

fsp->base_fsp!=NULL is thus the wrong condition to restore the
original base fsp name: If we open a stream with a non-cwd_fsp dirfsp,
we would overwrite fsp->base_fsp->fsp_name with NULL.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index d01b5ae65f4..3995a0beb35 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -891,7 +891,8 @@ static NTSTATUS non_widelink_open(const struct files_struct *dirfsp,
 
   out:
 	fsp->fsp_name = orig_fsp_name;
-	if (fsp->base_fsp != NULL) {
+
+	if (orig_base_fsp_name != NULL) {
 		/* Save off the temporary name. */
 		struct smb_filename *base_smb_fname_rel =
 			fsp->base_fsp->fsp_name;