diff options
| author | Jeremy Allison <jra@samba.org> | 2010-05-05 15:57:57 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-05-05 15:57:57 -0700 |
| commit | d58b7955871213a4d0d4b77d080f6fc716350054 (patch) | |
| tree | e6b190cb09e15c6d88db7bdb9e65e7184b1e0ea5 /source3 | |
| parent | c6ebab846d25563d051b1a1248ea288ba7eb0bcb (diff) | |
| download | samba-d58b7955871213a4d0d4b77d080f6fc716350054.tar.gz samba-d58b7955871213a4d0d4b77d080f6fc716350054.tar.bz2 samba-d58b7955871213a4d0d4b77d080f6fc716350054.zip | |
Move to MS-FSA algorithm when checking for invalid lock range.
Satisfies SMB and SMB2.
Jeremy.
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/locking/brlock.c | 13 | ||||
| -rw-r--r-- | source3/smbd/smb2_lock.c | 7 |
2 files changed, 6 insertions, 14 deletions
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c index ee0eaf5198..8250e5a9d4 100644 --- a/source3/locking/brlock.c +++ b/source3/locking/brlock.c @@ -333,12 +333,12 @@ NTSTATUS brl_lock_windows_default(struct byte_range_lock *br_lck, SMB_ASSERT(plock->lock_type != UNLOCK_LOCK); - for (i=0; i < br_lck->num_locks; i++) { - if (locks[i].start + locks[i].size < locks[i].start) { - /* 64-bit wrap. Error. */ - return NT_STATUS_INVALID_LOCK_RANGE; - } + if ((plock->start + plock->size - 1 < plock->start) && + plock->size != 0) { + return NT_STATUS_INVALID_LOCK_RANGE; + } + for (i=0; i < br_lck->num_locks; i++) { /* Do any Windows or POSIX locks conflict ? */ if (brl_conflict(&locks[i], plock)) { /* Remember who blocked us. */ @@ -716,8 +716,7 @@ static NTSTATUS brl_lock_posix(struct messaging_context *msg_ctx, } /* Don't allow 64-bit lock wrap. */ - if (plock->start + plock->size < plock->start || - plock->start + plock->size < plock->size) { + if (plock->start + plock->size - 1 < plock->start) { return NT_STATUS_INVALID_PARAMETER; } diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c index 9e699159ff..7b01889c46 100644 --- a/source3/smbd/smb2_lock.c +++ b/source3/smbd/smb2_lock.c @@ -277,7 +277,6 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx, } for (i=0; i<in_lock_count; i++) { - uint64_t max_count; bool invalid = false; switch (in_locks[i].flags) { @@ -346,12 +345,6 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx, } else { locks[i].brltype = UNLOCK_LOCK; } - - max_count = UINT64_MAX - locks[i].offset; - if (locks[i].count > max_count) { - tevent_req_nterror(req, NT_STATUS_INVALID_LOCK_RANGE); - return tevent_req_post(req, ev); - } } state->locks = locks; |