s4/smbstreams: Fix memory use after free.

The bug is that sometimes 'streams' is parent for 'new_name'.
With this said, 'new_name' must be dupped before 'streams'
pointer is freed.

Signed-off-by: Andrew Tridgell <tridge@samba.org>

diff --git a/source4/ntvfs/posix/pvfs_streams.c b/source4/ntvfs/posix/pvfs_streams.c
index 4da95432c1ff46c8842d91a871de822669a9910d..cacd8c1995268e18b91042e00f5367888cf24708 100644 (file)
--- a/source4/ntvfs/posix/pvfs_streams.c
+++ b/source4/ntvfs/posix/pvfs_streams.c
@@ -304,11 +304,15 @@ NTSTATUS pvfs_stream_rename(struct pvfs_state *pvfs, struct pvfs_filename *name,
        }
 
        status = pvfs_streams_save(pvfs, name, fd, streams);
-       talloc_free(streams);
 
-       /* update the in-memory copy of the name of the open file */
-       talloc_free(name->stream_name);
-       name->stream_name = talloc_strdup(name, new_name);
+       if (NT_STATUS_IS_OK(status)) {
+
+               /* update the in-memory copy of the name of the open file */
+               talloc_free(name->stream_name);
+               name->stream_name = talloc_strdup(name, new_name);
+
+               talloc_free(streams);
+       }
 
        return status;
 }