From 5e1aa469ae61af0442f432e0a2e3bf8c8709616a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 28 Mar 2022 18:42:18 -0700
Subject: [PATCH] s3: smbd: Preserve the fsp->fsp_name->st bufs across
 rename_open_files()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 source3/smbd/reply.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index e7e39fe23ec..ff3a6504ddf 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -6955,6 +6955,7 @@ static void rename_open_files(connection_struct *conn,
 
 	for(fsp = file_find_di_first(conn->sconn, id, false); fsp;
 	    fsp = file_find_di_next(fsp, false)) {
+		SMB_STRUCT_STAT fsp_orig_sbuf;
 		struct file_id_buf idbuf;
 		/* fsp_name is a relative path under the fsp. To change this for other
 		   sharepaths we need to manipulate relative paths. */
@@ -6973,10 +6974,24 @@ static void rename_open_files(connection_struct *conn,
 			  fsp_str_dbg(fsp),
 			  smb_fname_str_dbg(smb_fname_dst));
 
+		/*
+		 * The incoming smb_fname_dst here has an
+		 * invalid stat struct (it must not have
+		 * existed for the rename to succeed).
+		 * Preserve the existing stat from the
+		 * open fsp after fsp_set_smb_fname()
+		 * overwrites with the invalid stat.
+		 *
+		 * We will do an fstat before returning
+		 * any of this metadata to the client anyway.
+		 */
+		fsp_orig_sbuf = fsp->fsp_name->st;
 		status = fsp_set_smb_fname(fsp, smb_fname_dst);
 		if (NT_STATUS_IS_OK(status)) {
 			did_rename = True;
 			new_name_hash = fsp->name_hash;
+			/* Restore existing stat. */
+			fsp->fsp_name->st = fsp_orig_sbuf;
 		}
 	}