s4-smb2: check for invalid SMB2 lock ranges
[ira/wip.git] / source4 / ntvfs / ntvfs_generic.c
index 3319539b63d5361844aacbf4faff120bcfe6be62..d564db72ff24bf1077bd1d8883e29bcdbd043003 100644 (file)
@@ -1116,6 +1116,12 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
                        isunlock = false;
                }
                for (i=0;i<lck->smb2.in.lock_count;i++) {
+                       if (lck->smb2.in.locks[i].length > 1 &&
+                           lck->smb2.in.locks[i].offset +
+                           lck->smb2.in.locks[i].length <
+                           lck->smb2.in.locks[i].offset) {
+                               return NT_STATUS_INVALID_LOCK_RANGE;
+                       }
                        if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
                                return NT_STATUS_INVALID_PARAMETER;
                        }
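Review bot: The wrap test added at the top of the loop body has no comment, and its `length > 1` exemption is not self-explanatory. As written, a lock whose end lands exactly on the top of the offset space (so `offset + length` wraps to 0) is rejected when length is 2 or more but accepted when length is 1; the test also presumably relies on `offset` and `length` being unsigned 64-bit fields, which this hunk does not show. I would add `/* reject ranges whose end wraps past the top of the 64-bit offset space; length 0 and 1 are exempt */` above the `if`, and confirm the length-2-and-up boundary case is the intended behaviour. The range test also runs before the flags test for the same element, so a lock with both a wrapping range and `SMB2_LOCK_FLAG_NONE` now returns `NT_STATUS_INVALID_LOCK_RANGE` rather than `NT_STATUS_INVALID_PARAMETER`; that ordering deserves a word in the comment as well. ntvfs_map_lock starts and ends outside the hunk, so whether anything needs releasing before this early return cannot be checked here.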