From 2642639d5e5a0c64722b9e6eb883daa6e46f433a Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 16 Mar 2016 16:52:56 -0700
Subject: [PATCH] s3: smbd: Fix use-after free when singleton cache is left invalid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11799

Signed-off-by: Jeremy Allison
---
 source3/smbd/files.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 8fefddd..1a7b48e 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -500,6 +500,11 @@ void fsp_free(files_struct *fsp)
 fsp->conn->num_files_open--;
+ /* Closing a file can invalidate the positive cache. */
+ if (fsp == sconn->fsp_fi_cache.fsp) {
+ ZERO_STRUCT(sconn->fsp_fi_cache);
+ }
+
 /* this is paranoia, just in case someone tries to reuse the information */
 ZERO_STRUCTP(fsp);
@@ -540,11 +545,6 @@ void file_free(struct smb_request *req, files_struct *fsp)
 remove_smb2_chained_fsp(fsp);
 }
- /* Closing a file can invalidate the positive cache. */
- if (fsp == sconn->fsp_fi_cache.fsp) {
- ZERO_STRUCT(sconn->fsp_fi_cache);
- }
-
 /* Drop all remaining extensions. */
 vfs_remove_all_fsp_extensions(fsp);
--
2.7.0.rc3.207.g0ac5344
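Review bot: The comment carried into fsp_free() in the first hunk is unchanged from file_free() and does not say why the invalidation has to sit in the lowest-level free routine, which is the whole point of the fix. I would reword it along the lines of `/* Clear the singleton cache here, not in file_free(): an fsp released without going through file_free() would otherwise leave sconn->fsp_fi_cache.fsp dangling. */` so that a later cleanup does not move the check back up. The new lines also depend on `sconn` being in scope in fsp_free(); its declaration is outside the hunk and fsp_free's body continues past it, so that is worth confirming against the full function. The diffstat shows only source3/smbd/files.c changing, so no regression test accompanies the fix; presumably the path that triggered the bug frees an fsp via fsp_free() directly, and a test that exercises it would keep the stale-pointer case covered.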