From f719c88e833baeed35d59eba6fa6b22eb68db84c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 9 Mar 2022 12:58:40 +0100
Subject: [PATCH] smbd: Make non_widelink_open() robust for non-cwd dirfsp

If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir
to the parent pathname, and thus we also don't overwrite
fsp->base_fsp.

fsp->base_fsp!=NULL is thus the wrong condition to restore the
original base fsp name: If we open a stream with a non-cwd_fsp dirfsp,
we would overwrite fsp->base_fsp->fsp_name with NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15105

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 280e9191cbf8a766e69ab138450f2beccbedd879)
---
 source3/smbd/open.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5a3ac2c064ac..954d0e5a16a1 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -855,7 +855,8 @@ static NTSTATUS non_widelink_open(const struct files_struct *dirfsp,
 
   out:
 	fsp->fsp_name = orig_fsp_name;
-	if (fsp->base_fsp != NULL) {
+
+	if (orig_base_fsp_name != NULL) {
 		/* Save off the temporary name. */
 		struct smb_filename *base_smb_fname_rel =
 			fsp->base_fsp->fsp_name;
-- 
2.35.3