CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
authorJeremy Allison <jra@samba.org>
Tue, 20 Dec 2016 00:25:26 +0000 (16:25 -0800)
committerKarolin Seeger <kseeger@samba.org>
Wed, 22 Mar 2017 09:45:16 +0000 (10:45 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
source3/smbd/dir.c

index cbd32e30704be6c5ff68611e53a43a6a5917fd2b..ea4b301642b0c2b2b86f29a412dd67976895c2d0 100644 (file)
@@ -1601,20 +1601,12 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
-       dirp->conn = conn;
-       dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
-
        dirp->dir_path = talloc_strdup(dirp, name);
        if (!dirp->dir_path) {
                errno = ENOMEM;
                goto fail;
        }
 
-       if (sconn && !sconn->using_smb2) {
-               sconn->searches.dirhandles_open++;
-       }
-       talloc_set_destructor(dirp, smb_Dir_destructor);
-
        dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_path, mask, attr);
        if (!dirp->dir) {
                DEBUG(5,("OpenDir: Can't open %s. %s\n", dirp->dir_path,
@@ -1622,6 +1614,14 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
                goto fail;
        }
 
+       dirp->conn = conn;
+       dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
+
+       if (sconn && !sconn->using_smb2) {
+               sconn->searches.dirhandles_open++;
+       }
+       talloc_set_destructor(dirp, smb_Dir_destructor);
+
        return dirp;
 
   fail:
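Review bot: The block moved to just before `return dirp;` in this hunk carries an ordering rule that is not written down. The `dirhandles_open` increment and `talloc_set_destructor()` now run only after `SMB_VFS_OPENDIR` has succeeded, so every `goto fail` visible in the two hunks reaches the label with no destructor installed and the counter untouched. A comment above `dirp->conn = conn;` would stop a later edit from placing a fallible step below it, for example `/* dirp now owns an open directory: count it and install the destructor. Keep every step that can fail above this block. */`. The body of `fail:` lies outside the hunk, so confirm there that it releases `dirp` without relying on `smb_Dir_destructor` having run. The first hunk is only the removal side of the same move.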