smbd: add vfs_valid_{pread,pwrite}_range() checks where needed

[amitay/samba.git] / source3 / smbd / aio.c

diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index f89ce8537a058c38f6d31c135ffd142e900bfcf2..f141d67316740b9eecbd8f26b2a61991d6fb9e7b 100644 (file)
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -164,6 +164,12 @@ NTSTATUS schedule_aio_read_and_X(connection_struct *conn,
        size_t bufsize;
        size_t min_aio_read_size = lp_aio_read_size(SNUM(conn));
        struct tevent_req *req;
+       bool ok;
+
+       ok = vfs_valid_pread_range(startpos, smb_maxcnt);
+       if (!ok) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
        if (fsp->base_fsp != NULL) {
                /* No AIO on streams yet */
@@ -328,6 +334,7 @@ static struct tevent_req *pwrite_fsync_send(TALLOC_CTX *mem_ctx,
 {
        struct tevent_req *req, *subreq;
        struct pwrite_fsync_state *state;
+       bool ok;
 
        req = tevent_req_create(mem_ctx, &state, struct pwrite_fsync_state);
        if (req == NULL) {
@@ -337,6 +344,12 @@ static struct tevent_req *pwrite_fsync_send(TALLOC_CTX *mem_ctx,
        state->fsp = fsp;
        state->write_through = write_through;
 
+       ok = vfs_valid_pwrite_range(offset, n);
+       if (!ok) {
+               tevent_req_error(req, EINVAL);
+               return tevent_req_post(req, ev);
+       }
+
        if (n == 0) {
                tevent_req_done(req);
                return tevent_req_post(req, ev);
@@ -664,6 +677,12 @@ NTSTATUS schedule_smb2_aio_read(connection_struct *conn,
        struct aio_extra *aio_ex;
        size_t min_aio_read_size = lp_aio_read_size(SNUM(conn));
        struct tevent_req *req;
+       bool ok;
+
+       ok = vfs_valid_pread_range(startpos, smb_maxcnt);
+       if (!ok) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
        if (fsp->base_fsp != NULL) {
                /* No AIO on streams yet */