From: Volker Lendecke <vl@samba.org>
Date: Thu, 15 Dec 2022 18:06:20 +0000 (+0100)
Subject: libsmb: Don't mess up pathnames in cli_smb2_create_fnum_send()
X-Git-Tag: talloc-2.4.0~227
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fcbae4e4940c8d89717c4fa4199d57d69c1d3a4;p=thirdparty%2Fsamba.git

libsmb: Don't mess up pathnames in cli_smb2_create_fnum_send()

Master-only bug introduced with dd9cdfb3b14: smb2_dfs_share_path() can
change the length of fname, and if it happens that the original length
hits a \ in the enlarged filename, we cut it off.

Found by accident, this really made me scratch my head when looking at
traces :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 5cf6f5baf7b..bb99201bb61 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -287,6 +287,7 @@ struct tevent_req *cli_smb2_create_fnum_send(
 	if (tevent_req_nomem(fname, req)) {
 		return tevent_req_post(req, ev);
 	}
+	fname_len = strlen(fname);
 
 	/* SMB2 is pickier about pathnames. Ensure it doesn't
 	   start in a '\' */