From 04f235a9ebf45422c6ec2a971268c2c38dc081ad Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Thu, 26 Nov 2009 16:53:51 +1100
Subject: [PATCH] s4-smb2: check for invalid SMB2 lock ranges
---
 source4/ntvfs/ntvfs_generic.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index 3319539b63d..d564db72ff2 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -1116,6 +1116,12 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
 isunlock = false;
 }
 for (i=0;ismb2.in.lock_count;i++) {
+ if (lck->smb2.in.locks[i].length > 1 &&
+ lck->smb2.in.locks[i].offset +
+ lck->smb2.in.locks[i].length <
+ lck->smb2.in.locks[i].offset) {
+ return NT_STATUS_INVALID_LOCK_RANGE;
+ }
 if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
 return NT_STATUS_INVALID_PARAMETER;
 }
-- 
2.34.1
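Review bot: The `length > 1` threshold in the added range check is unexplained, and the wrap test `offset + length < offset` is only meaningful if both fields are unsigned 64-bit, which the hunk does not show. As written, a one-byte lock at the highest offset passes while a two-byte lock ending on that same byte is rejected; if that asymmetry is intentional (presumably to match reference server behaviour), it deserves a comment such as `/* client-supplied range must not wrap past 2^64; length 0/1 is exempt on purpose; relies on unsigned wraparound */`. The check also runs before the `SMB2_LOCK_FLAG_NONE` test, so an element that is invalid on both counts reports NT_STATUS_INVALID_LOCK_RANGE rather than NT_STATUS_INVALID_PARAMETER; worth confirming that ordering is the intended one. ntvfs_map_lock's body starts and ends outside the hunk, so whether this early return needs any cleanup is not visible here.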