s4-smb2: check for invalid SMB2 lock ranges

author Andrew Tridgell <tridge@samba.org>

Thu, 26 Nov 2009 05:53:51 +0000 (16:53 +1100)

committer Andrew Tridgell <tridge@samba.org>

Fri, 27 Nov 2009 05:05:05 +0000 (16:05 +1100)
author Andrew Tridgell <tridge@samba.org>
Thu, 26 Nov 2009 05:53:51 +0000 (16:53 +1100)
committer Andrew Tridgell <tridge@samba.org>
Fri, 27 Nov 2009 05:05:05 +0000 (16:05 +1100)
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c

index 3319539b63d5361844aacbf4faff120bcfe6be62..d564db72ff24bf1077bd1d8883e29bcdbd043003 100644 (file)
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -1116,6 +1116,12 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
                         isunlock = false;
                 }
                 for (i=0;i<lck->smb2.in.lock_count;i++) {
+                       if (lck->smb2.in.locks[i].length > 1 &&
+                           lck->smb2.in.locks[i].offset +
+                           lck->smb2.in.locks[i].length <
+                           lck->smb2.in.locks[i].offset) {
+                               return NT_STATUS_INVALID_LOCK_RANGE;
+                       }
                         if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
                                 return NT_STATUS_INVALID_PARAMETER;
                         }
author	Andrew Tridgell <tridge@samba.org>
	Thu, 26 Nov 2009 05:53:51 +0000 (16:53 +1100)
committer	Andrew Tridgell <tridge@samba.org>
	Fri, 27 Nov 2009 05:05:05 +0000 (16:05 +1100)