From 501bb6842174b5c5ba2c18ea7b60e24bb4253906 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 2 Nov 2021 10:44:44 -0700
Subject: [PATCH] s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp() doesn't have the same bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison
Reviewed-by: Ralph Boehme
Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Wed Nov 3 14:33:49 UTC 2021 on sn-devel-184
(cherry picked from commit bbdcd66c048fee39629aeff450b50d049806e2f7)
---
 source3/smbd/close.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 191626557dc..347ed04030c 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1049,6 +1049,8 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
 goto err;
 }
+ dirfsp = dir_hnd_fetch_fsp(dir_hnd);
+
 while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
 struct smb_filename *smb_dname_full = NULL;
 struct smb_filename *direntry_fname = NULL;
@@ -1149,7 +1151,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
 /* Do a recursive delete. */
 RewindDir(dir_hnd,&dirpos);
- dirfsp = dir_hnd_fetch_fsp(dir_hnd);
 while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
 struct smb_filename *direntry_fname = NULL;
--
2.30.2
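Review bot: The declaration of `dirfsp` that the new assignment before the first `ReadDirName()` loop relies on is outside this hunk, and if it has no initializer the pointer is only one statement reordering away from being read indeterminate again. I would give the declaration an explicit `= NULL` so any future use-before-assignment in smbd fails as a deterministic NULL dereference rather than following whatever was on the stack. A short comment above the assignment, such as `/* Fetch once: dirfsp is needed inside both directory scans below. */`, would record why it must precede the first loop (that the first loop uses it is inferred from the commit subject; its body is not fully visible here). The commit message says the tests for bugs 14878 and 14879 did not reach this path and the patch touches only close.c, so a regression test that drives the first scan in rmdir_internals() on a non-empty directory still looks missing.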