Don't use fname after create_file has been called

create_file calls unix_convert internally, so modifies fname. So we can't use
"fname" after create_file has returned. Use fsp->fsp_name instead.

Found during a lengthy debugging session with Karolin testing the xattr_tdb
module...

diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index 9381174af0c542baaa51dfc7659ce01effa7f86a..5293ca534766a3c8a243024f575719600c4fb60b 100644 (file)
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -558,7 +558,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
        }
 
        file_len = sbuf.st_size;
-       fattr = dos_mode(conn,fname,&sbuf);
+       fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
        if (fattr == 0) {
                fattr = FILE_ATTRIBUTE_NORMAL;
        }
@@ -626,7 +626,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
                uint32 perms = 0;
                p += 25;
                if (fsp->is_directory
-                   || can_write_to_file(conn, fname, &sbuf)) {
+                   || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
                        perms = FILE_GENERIC_ALL;
                } else {
                        perms = FILE_GENERIC_READ|FILE_EXECUTE;
@@ -1007,7 +1007,7 @@ static void call_nt_transact_create(connection_struct *conn,
        }
 
        file_len = sbuf.st_size;
-       fattr = dos_mode(conn,fname,&sbuf);
+       fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
        if (fattr == 0) {
                fattr = FILE_ATTRIBUTE_NORMAL;
        }
@@ -1075,7 +1075,7 @@ static void call_nt_transact_create(connection_struct *conn,
                uint32 perms = 0;
                p += 25;
                if (fsp->is_directory
-                   || can_write_to_file(conn, fname, &sbuf)) {
+                   || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
                        perms = FILE_GENERIC_ALL;
                } else {
                        perms = FILE_GENERIC_READ|FILE_EXECUTE;
@@ -1083,7 +1083,7 @@ static void call_nt_transact_create(connection_struct *conn,
                SIVAL(p,0,perms);
        }
 
-       DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
+       DEBUG(5,("call_nt_transact_create: open name = %s\n", fsp->fsp_name));
 
        /* Send the required number of replies */
        send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 669dad2e3a8aee00ced7e9668aa2168842eb440c..818ff319e4ba2a1c3f4eecadabeca6370673f559 100644 (file)
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -1639,11 +1639,11 @@ void reply_open(struct smb_request *req)
        }
 
        size = sbuf.st_size;
-       fattr = dos_mode(conn,fname,&sbuf);
+       fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
        mtime = sbuf.st_mtime;
 
        if (fattr & aDIR) {
-               DEBUG(3,("attempt to open a directory %s\n",fname));
+               DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
                close_file(fsp,ERROR_CLOSE);
                reply_doserror(req, ERRDOS,ERRnoaccess);
                END_PROFILE(SMBopen);
@@ -1802,7 +1802,7 @@ void reply_open_and_X(struct smb_request *req)
                sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
        }
 
-       fattr = dos_mode(conn,fname,&sbuf);
+       fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
        mtime = sbuf.st_mtime;
        if (fattr & aDIR) {
                close_file(fsp,ERROR_CLOSE);
@@ -1985,7 +1985,7 @@ void reply_mknew(struct smb_request *req)
        }
 
        ts[0] = get_atimespec(&sbuf); /* atime. */
-       file_ntimes(conn, fname, ts);
+       file_ntimes(conn, fsp->fsp_name, ts);
 
        reply_outbuf(req, 1, 0);
        SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
@@ -2000,9 +2000,9 @@ void reply_mknew(struct smb_request *req)
                                CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
        }
 
-       DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
+       DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
        DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
-                               fname, fsp->fh->fd, (unsigned int)fattr ) );
+                   fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
 
        END_PROFILE(SMBcreate);
        return;
@@ -2125,9 +2125,9 @@ void reply_ctemp(struct smb_request *req)
        SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
 
        /* the returned filename is relative to the directory */
-       s = strrchr_m(fname, '/');
+       s = strrchr_m(fsp->fsp_name, '/');
        if (!s) {
-               s = fname;
+               s = fsp->fsp_name;
        } else {
                s++;
        }
@@ -2154,9 +2154,9 @@ void reply_ctemp(struct smb_request *req)
                      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
        }
 
-       DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
-       DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
-                       (unsigned int)sbuf.st_mode ) );
+       DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
+       DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
+                   fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
 
        END_PROFILE(SMBctemp);
        return;

diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 1f7af82670b2cee17f76ada7148a69bc2900494e..dc908846b3bbcac9445fb4bfd34b0b83316816cd 100644 (file)
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -1017,7 +1017,7 @@ static void call_trans2open(connection_struct *conn,
        }
 
        size = get_file_size(sbuf);
-       fattr = dos_mode(conn,fname,&sbuf);
+       fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
        mtime = sbuf.st_mtime;
        inode = sbuf.st_ino;
        if (fattr & aDIR) {
@@ -1054,7 +1054,7 @@ static void call_trans2open(connection_struct *conn,
        SIVAL(params,20,inode);
        SSVAL(params,24,0); /* Padding. */
        if (flags & 8) {
-               uint32 ea_size = estimate_ea_size(conn, fsp, fname);
+               uint32 ea_size = estimate_ea_size(conn, fsp, fsp->fsp_name);
                SIVAL(params, 26, ea_size);
        } else {
                SIVAL(params, 26, 0);