authorVolker Lendecke <vlendec@samba.org>2007-08-14 10:27:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:29:41 -0500
commit439d6020e9b1994ad8e9b4080ba73dde6da93037 (patch)
treec85c222594ea3fa989934d7cc827614c999b9f92
parentae89ba48ec548f28d38a0a35bc3884181946f1b8 (diff)
r24405: Check wct in reply_lockingX
(This used to be commit c4972632f8b41c87a4c0fdfc6c98515c42eafda5)
-rw-r--r--source3/smbd/reply.c27
1 files changed, 19 insertions, 8 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index d42d6399fb..a9af46bb69 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -5773,23 +5773,34 @@ SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_forma
int reply_lockingX(connection_struct *conn, char *inbuf, char *outbuf,
int length, int bufsize)
{
- files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv2));
- unsigned char locktype = CVAL(inbuf,smb_vwv3);
- unsigned char oplocklevel = CVAL(inbuf,smb_vwv3+1);
- uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
- uint16 num_locks = SVAL(inbuf,smb_vwv7);
+ files_struct *fsp;
+ unsigned char locktype;
+ unsigned char oplocklevel;
+ uint16 num_ulocks;
+ uint16 num_locks;
SMB_BIG_UINT count = 0, offset = 0;
uint32 lock_pid;
- int32 lock_timeout = IVAL(inbuf,smb_vwv4);
+ int32 lock_timeout;
int i;
char *data;
- BOOL large_file_format =
- (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
+ BOOL large_file_format;
BOOL err;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
START_PROFILE(SMBlockingX);
+
+ if (CVAL(inbuf, smb_wct) < 8) {
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+ fsp = file_fsp(SVAL(inbuf,smb_vwv2));
+ locktype = CVAL(inbuf,smb_vwv3);
+ oplocklevel = CVAL(inbuf,smb_vwv3+1);
+ num_ulocks = SVAL(inbuf,smb_vwv6);
+ num_locks = SVAL(inbuf,smb_vwv7);
+ lock_timeout = IVAL(inbuf,smb_vwv4);
+ large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
+
CHECK_FSP(fsp,conn);
data = smb_buf(inbuf);
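Review bot: The new early return for `wct < 8` comes after `START_PROFILE(SMBlockingX)` and leaves the profiling section open; add `END_PROFILE(SMBlockingX);` before `return ERROR_NT(NT_STATUS_INVALID_PARAMETER);`, or move the check above `START_PROFILE`. The check only establishes that the client declared the eight parameter words read through `smb_vwv7`. `num_ulocks` and `num_locks` are still client-controlled counts, and `data = smb_buf(inbuf)` is presumably walked using them further down. The rest of reply_lockingX is outside this hunk, so confirm that the lock-range array size implied by those counts and `large_file_format` is checked against the received byte count before it is read.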