summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-11-26 16:53:51 +1100
committerAndrew Tridgell <tridge@samba.org>2009-11-27 16:05:05 +1100
commit04f235a9ebf45422c6ec2a971268c2c38dc081ad (patch)
tree6a33bb85f5a9bb8c0155ca888c55d19eb1f81db4 /source4
parentaa4c51602383d50b0801d854e752b575c70f7657 (diff)
downloadsamba-04f235a9ebf45422c6ec2a971268c2c38dc081ad.tar.gz
samba-04f235a9ebf45422c6ec2a971268c2c38dc081ad.tar.bz2
samba-04f235a9ebf45422c6ec2a971268c2c38dc081ad.zip
s4-smb2: check for invalid SMB2 lock ranges
Diffstat (limited to 'source4')
-rw-r--r--source4/ntvfs/ntvfs_generic.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index 3319539b63..d564db72ff 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -1116,6 +1116,12 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
isunlock = false;
}
for (i=0;i<lck->smb2.in.lock_count;i++) {
+ if (lck->smb2.in.locks[i].length > 1 &&
+ lck->smb2.in.locks[i].offset +
+ lck->smb2.in.locks[i].length <
+ lck->smb2.in.locks[i].offset) {
+ return NT_STATUS_INVALID_LOCK_RANGE;
+ }
if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
return NT_STATUS_INVALID_PARAMETER;
}