summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-05-05 15:57:57 -0700
committerJeremy Allison <jra@samba.org>2010-05-05 15:57:57 -0700
commitd58b7955871213a4d0d4b77d080f6fc716350054 (patch)
treee6b190cb09e15c6d88db7bdb9e65e7184b1e0ea5 /source3
parentc6ebab846d25563d051b1a1248ea288ba7eb0bcb (diff)
downloadsamba-d58b7955871213a4d0d4b77d080f6fc716350054.tar.gz
samba-d58b7955871213a4d0d4b77d080f6fc716350054.tar.bz2
samba-d58b7955871213a4d0d4b77d080f6fc716350054.zip
Move to MS-FSA algorithm when checking for invalid lock range.
Satisfies SMB and SMB2. Jeremy.
Diffstat (limited to 'source3')
-rw-r--r--source3/locking/brlock.c13
-rw-r--r--source3/smbd/smb2_lock.c7
2 files changed, 6 insertions, 14 deletions
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index ee0eaf5198..8250e5a9d4 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -333,12 +333,12 @@ NTSTATUS brl_lock_windows_default(struct byte_range_lock *br_lck,
SMB_ASSERT(plock->lock_type != UNLOCK_LOCK);
- for (i=0; i < br_lck->num_locks; i++) {
- if (locks[i].start + locks[i].size < locks[i].start) {
- /* 64-bit wrap. Error. */
- return NT_STATUS_INVALID_LOCK_RANGE;
- }
+ if ((plock->start + plock->size - 1 < plock->start) &&
+ plock->size != 0) {
+ return NT_STATUS_INVALID_LOCK_RANGE;
+ }
+ for (i=0; i < br_lck->num_locks; i++) {
/* Do any Windows or POSIX locks conflict ? */
if (brl_conflict(&locks[i], plock)) {
/* Remember who blocked us. */
@@ -716,8 +716,7 @@ static NTSTATUS brl_lock_posix(struct messaging_context *msg_ctx,
}
/* Don't allow 64-bit lock wrap. */
- if (plock->start + plock->size < plock->start ||
- plock->start + plock->size < plock->size) {
+ if (plock->start + plock->size - 1 < plock->start) {
return NT_STATUS_INVALID_PARAMETER;
}
diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c
index 9e699159ff..7b01889c46 100644
--- a/source3/smbd/smb2_lock.c
+++ b/source3/smbd/smb2_lock.c
@@ -277,7 +277,6 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
}
for (i=0; i<in_lock_count; i++) {
- uint64_t max_count;
bool invalid = false;
switch (in_locks[i].flags) {
@@ -346,12 +345,6 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
} else {
locks[i].brltype = UNLOCK_LOCK;
}
-
- max_count = UINT64_MAX - locks[i].offset;
- if (locks[i].count > max_count) {
- tevent_req_nterror(req, NT_STATUS_INVALID_LOCK_RANGE);
- return tevent_req_post(req, ev);
- }
}
state->locks = locks;