From: Jeremy Allison <jra@samba.org>
Date: Tue, 2 Nov 2021 17:44:44 +0000 (-0700)
Subject: s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().
X-Git-Tag: ldb-2.5.0~324
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbdcd66c048fee39629aeff450b50d049806e2f7;p=thirdparty%2Fsamba.git

s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().

Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp()
doesn't have the same bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov  3 14:33:49 UTC 2021 on sn-devel-184
---

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index eae276b2e9c..ad10215a4fa 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1052,6 +1052,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
 		goto err;
 	}
 
+	dirfsp = dir_hnd_fetch_fsp(dir_hnd);
+
 	while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
 		struct smb_filename *smb_dname_full = NULL;
 		struct smb_filename *direntry_fname = NULL;
@@ -1200,7 +1202,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
 
 	/* Do a recursive delete. */
 	RewindDir(dir_hnd,&dirpos);
-	dirfsp = dir_hnd_fetch_fsp(dir_hnd);
 
 	while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
 		struct smb_filename *direntry_fname = NULL;