From f6dfdf7d31967076dbd51ceb35145d28381a6f92 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 19 Dec 2016 12:32:07 -0800
Subject: [PATCH] CVE-2017-2619: s3: smbd: Move the reference counting and
 destructor setup to just before retuning success.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
---
 source3/smbd/dir.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 42e787bed6c..2fd50850665 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1783,11 +1783,6 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
 		goto fail;
 	}
 
-	if (sconn && !sconn->using_smb2) {
-		sconn->searches.dirhandles_open++;
-	}
-	talloc_set_destructor(dirp, smb_Dir_destructor);
-
 	dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
 	if (dirp->dir != NULL) {
 		dirp->fsp = fsp;
@@ -1816,6 +1811,11 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
 		goto fail;
 	}
 
+	if (sconn && !sconn->using_smb2) {
+		sconn->searches.dirhandles_open++;
+	}
+	talloc_set_destructor(dirp, smb_Dir_destructor);
+
 	return dirp;
 
   fail:
-- 
2.47.3