Don't overwrite a dynamic pointer with the address of a stack

variable.
Jeremy.

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 86f6626a697567a4fb678d6a0c742f5614b0fe8b..4e347d6ddb6af357d190e6c7420fd5e296b471ea 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6333,7 +6333,7 @@ void delete_write_cache(files_struct *fsp);
 void set_filelen_write_cache(files_struct *fsp, SMB_OFF_T file_size);
 ssize_t flush_write_cache(files_struct *fsp, enum flush_reason_enum reason);
 NTSTATUS sync_file(connection_struct *conn, files_struct *fsp, bool write_through);
-int fsp_stat(files_struct *fsp, SMB_STRUCT_STAT *pst);
+int fsp_stat(files_struct *fsp);
 
 /* The following definitions come from smbd/filename.c  */
 

diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
index c0deaebcfc717cf060b8098b9e754ff9fa5eb551..1c27fef09b1982c2c79b3780454677254f1bd5cb 100644 (file)
--- a/source3/smbd/fileio.c
+++ b/source3/smbd/fileio.c
@@ -982,17 +982,15 @@ NTSTATUS sync_file(connection_struct *conn, files_struct *fsp, bool write_throug
  Perform a stat whether a valid fd or not.
 ************************************************************/
 
-int fsp_stat(files_struct *fsp, SMB_STRUCT_STAT *pst)
+int fsp_stat(files_struct *fsp)
 {
        if (fsp->fh->fd == -1) {
-               int ret;
-
-               ret = SMB_VFS_STAT(fsp->conn, fsp->fsp_name);
-               if (ret != -1) {
-                       *pst = fsp->fsp_name->st;
+               if (fsp->posix_open) {
+                       return SMB_VFS_LSTAT(fsp->conn, fsp->fsp_name);
+               } else {
+                       return SMB_VFS_STAT(fsp->conn, fsp->fsp_name);
                }
-               return ret;
        } else {
-               return SMB_VFS_FSTAT(fsp, pst);
+               return SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st);
        }
 }

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 984cf56c11181d4777efd37905c52e04f7e3625d..d39edc56db479e88752d70d22218476dad91a4c9 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -7752,7 +7752,6 @@ void reply_writebs(struct smb_request *req)
 void reply_getattrE(struct smb_request *req)
 {
        connection_struct *conn = req->conn;
-       SMB_STRUCT_STAT sbuf;
        int mode;
        files_struct *fsp;
        struct timespec create_ts;
@@ -7774,14 +7773,12 @@ void reply_getattrE(struct smb_request *req)
        }
 
        /* Do an fstat on this file */
-       if(fsp_stat(fsp, &sbuf)) {
+       if(fsp_stat(fsp)) {
                reply_nterror(req, map_nt_error_from_unix(errno));
                END_PROFILE(SMBgetattrE);
                return;
        }
 
-       fsp->fsp_name->st = sbuf;
-
        mode = dos_mode(conn, fsp->fsp_name);
 
        /*
@@ -7795,17 +7792,17 @@ void reply_getattrE(struct smb_request *req)
        create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
        srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
        srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
-                         convert_timespec_to_time_t(sbuf.st_ex_atime));
+                         convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
        /* Should we check pending modtime here ? JRA */
        srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
-                         convert_timespec_to_time_t(sbuf.st_ex_mtime));
+                         convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
 
        if (mode & aDIR) {
                SIVAL(req->outbuf, smb_vwv6, 0);
                SIVAL(req->outbuf, smb_vwv8, 0);
        } else {
-               uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf);
-               SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_ex_size);
+               uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
+               SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
                SIVAL(req->outbuf, smb_vwv8, allocation_size);
        }
        SSVAL(req->outbuf,smb_vwv10, mode);