From 796d366189d3a8e025348ca5bdf3c15cdfbdd65e Mon Sep 17 00:00:00 2001
From: kshumikhina <ksen.shum@gmail.com>
Date: Thu, 11 Jun 2026 18:23:08 +0400
Subject: [PATCH] s4:torture: Fix NULL pointer dereference in lpcfg_set_cmdline

If orig_share is NULL, the program will jump to the done label, where the
lpcfg_set_cmdline function will be called without any checks; within that
function, no checks are performed either, and orig_share will be dereferenced.

Added a check if (orig_share != NULL) before calling lpcfg_set_cmdline
in the cleanup block.

Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org>
Signed-off-by: Shumikhina Ksenia <shumikhinaka@sgu.ru>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 13 09:25:05 UTC 2026 on atb-devel-224
---
 source4/torture/smb2/lease.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
index 481a0b83f39..0eeadee052a 100644
--- a/source4/torture/smb2/lease.c
+++ b/source4/torture/smb2/lease.c
@@ -4908,7 +4908,9 @@ static bool test_lease_dynamic_share(struct torture_context *tctx,
 	}
 
 	/* Set sharename back. */
-	lpcfg_set_cmdline(tctx->lp_ctx, "torture:share", orig_share);
+	if (orig_share != NULL) {
+		lpcfg_set_cmdline(tctx->lp_ctx, "torture:share", orig_share);
+	}
 
 	talloc_free(mem_ctx);
 
-- 
2.47.3