From: Jeremy Allison <jra@samba.org>
Date: Tue, 20 Dec 2016 00:25:26 +0000 (-0800)
Subject: CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
X-Git-Tag: samba-4.4.12~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9178d6d311d76a257ddaf4df295dad4f291ded5b;p=thirdparty%2Fsamba.git

CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
---

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index cbd32e30704..ea4b301642b 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1601,20 +1601,12 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	dirp->conn = conn;
-	dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
-
 	dirp->dir_path = talloc_strdup(dirp, name);
 	if (!dirp->dir_path) {
 		errno = ENOMEM;
 		goto fail;
 	}
 
-	if (sconn && !sconn->using_smb2) {
-		sconn->searches.dirhandles_open++;
-	}
-	talloc_set_destructor(dirp, smb_Dir_destructor);
-
 	dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_path, mask, attr);
 	if (!dirp->dir) {
 		DEBUG(5,("OpenDir: Can't open %s. %s\n", dirp->dir_path,
@@ -1622,6 +1614,14 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
 		goto fail;
 	}
 
+	dirp->conn = conn;
+	dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
+
+	if (sconn && !sconn->using_smb2) {
+		sconn->searches.dirhandles_open++;
+	}
+	talloc_set_destructor(dirp, smb_Dir_destructor);
+
 	return dirp;
 
   fail: