s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().

Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp()
doesn't have the same bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov  3 14:33:49 UTC 2021 on sn-devel-184

(cherry picked from commit bbdcd66c048fee39629aeff450b50d049806e2f7)

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 7178257efcc014c4ba68cf24a60aa17d92ed7206..89e18d979ed4de4d105b1575d05008f6a332a6f8 100644 (file)
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1055,6 +1055,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
                goto err;
        }
 
+       dirfsp = dir_hnd_fetch_fsp(dir_hnd);
+
        while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
                struct smb_filename *smb_dname_full = NULL;
                struct smb_filename *direntry_fname = NULL;
@@ -1203,7 +1205,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
 
        /* Do a recursive delete. */
        RewindDir(dir_hnd,&dirpos);
-       dirfsp = dir_hnd_fetch_fsp(dir_hnd);
 
        while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
                struct smb_filename *direntry_fname = NULL;