From f8e3c7a3d6ca1e164595e822ee0cc49327cdffc0 Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Thu, 28 Oct 2021 16:01:42 -0400 Subject: [PATCH] s3:modules:recycle - fix crash in recycle_unlink_internal Original logic for separating path from base name assumed that we were using same string to determine offset when getting the parent dir name (smb_fname->base_name). Simplify by using parent_dirname() to split the path from base name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14888 Signed-off-by: Andrew Walker Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Oct 30 04:34:53 UTC 2021 on sn-devel-184 (cherry picked from commit be3a47e22ad6be204f4a7d6070f82f990c17e6fb) --- source3/modules/vfs_recycle.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index 1c18f232c32..6e657943110 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c @@ -571,17 +571,10 @@ static int recycle_unlink_internal(vfs_handle_struct *handle, */ /* extract filename and path */ - base = strrchr(full_fname->base_name, '/'); - if (base == NULL) { - base = full_fname->base_name; - path_name = SMB_STRDUP("/"); - ALLOC_CHECK(path_name, done); - } - else { - path_name = SMB_STRDUP(full_fname->base_name); - ALLOC_CHECK(path_name, done); - path_name[base - smb_fname->base_name] = '\0'; - base++; + if (!parent_dirname(talloc_tos(), full_fname->base_name, &path_name, &base)) { + rc = -1; + errno = ENOMEM; + goto done; } /* original filename with path */ @@ -716,7 +709,7 @@ static int recycle_unlink_internal(vfs_handle_struct *handle, recycle_touch_mtime(handle)); done: - SAFE_FREE(path_name); + TALLOC_FREE(path_name); SAFE_FREE(temp_name); SAFE_FREE(final_name); TALLOC_FREE(full_fname); -- 2.30.2