Fix Coverity IDs 922 and 933
authorVolker Lendecke <vl@samba.org>
Fri, 19 Jun 2009 14:00:23 +0000 (16:00 +0200)
committerVolker Lendecke <vl@samba.org>
Fri, 19 Jun 2009 14:25:10 +0000 (16:25 +0200)
In copy_internals(), if the !CAN_WRITE(conn) check kicks in, we end up
dereferencing a NULL smb_filename.

This adds a simple protection around it.

Tim, please check!

Volker

source3/include/proto.h
source3/smbd/filename.c

index 74406fdeac7a5a560c66a54ae17c7295cd20f77a..ffd285859452902dacd22de58fc39d2deeffffe8 100644 (file)
@@ -6372,7 +6372,7 @@ NTSTATUS create_synthetic_smb_fname_split(TALLOC_CTX *ctx,
                                          const char *fname,
                                          SMB_STRUCT_STAT *psbuf,
                                          struct smb_filename **smb_fname_out);
-char *smb_fname_str_dbg(const struct smb_filename *smb_fname);
+const char *smb_fname_str_dbg(const struct smb_filename *smb_fname);
 NTSTATUS copy_smb_filename(TALLOC_CTX *ctx,
                           const struct smb_filename *smb_fname_in,
                           struct smb_filename **smb_fname_out);
index e1e54549f787f86a22cfab1184fdadc689c650d6..9854407a701d945a6f9aa26894e00c4817530867 100644 (file)
@@ -164,14 +164,17 @@ NTSTATUS create_synthetic_smb_fname_split(TALLOC_CTX *ctx,
 /**
  * Return a string using the debug_ctx()
  */
-char *smb_fname_str_dbg(const struct smb_filename *smb_fname)
+const char *smb_fname_str_dbg(const struct smb_filename *smb_fname)
 {
        char *fname = NULL;
        NTSTATUS status;
 
+       if (smb_fname == NULL) {
+               return "";
+       }
        status = get_full_smb_filename(debug_ctx(), smb_fname, &fname);
        if (!NT_STATUS_IS_OK(status)) {
-               fname = talloc_strdup(debug_ctx(), "");
+               return "";
        }
        return fname;
 }
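Review bot: The doc comment above smb_fname_str_dbg() still says the string comes from debug_ctx(), but the new NULL guard and the new failure path both return the literal `""`, which is not talloc memory. The const return type discourages freeing it, but the contract should be stated, for example `Return a debug string: talloc'ed on debug_ctx() on success, a static "" if smb_fname is NULL or the name cannot be built; callers must not free or steal it.` Separately, a NULL smb_fname, a failed get_full_smb_filename() and a genuinely empty name now all log as an empty string, so the condition this commit guards against leaves no trace in the debug output. Returning a distinct marker in the guard, such as `return "(null)";`, would keep it visible to whoever reads the logs. The commit message itself calls this a simple protection, so the copy_internals() path that produces the NULL (not shown in this diff) presumably still needs a check of its own.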