diff options
| author | Andrew Tridgell <tridge@samba.org> | 2009-11-26 16:53:51 +1100 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2009-11-27 16:05:05 +1100 |
| commit | 04f235a9ebf45422c6ec2a971268c2c38dc081ad (patch) | |
| tree | 6a33bb85f5a9bb8c0155ca888c55d19eb1f81db4 /source4 | |
| parent | aa4c51602383d50b0801d854e752b575c70f7657 (diff) | |
| download | samba-04f235a9ebf45422c6ec2a971268c2c38dc081ad.tar.gz samba-04f235a9ebf45422c6ec2a971268c2c38dc081ad.tar.bz2 samba-04f235a9ebf45422c6ec2a971268c2c38dc081ad.zip | |
s4-smb2: check for invalid SMB2 lock ranges
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/ntvfs/ntvfs_generic.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c index 3319539b63..d564db72ff 100644 --- a/source4/ntvfs/ntvfs_generic.c +++ b/source4/ntvfs/ntvfs_generic.c @@ -1116,6 +1116,12 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs, isunlock = false; } for (i=0;i<lck->smb2.in.lock_count;i++) { + if (lck->smb2.in.locks[i].length > 1 && + lck->smb2.in.locks[i].offset + + lck->smb2.in.locks[i].length < + lck->smb2.in.locks[i].offset) { + return NT_STATUS_INVALID_LOCK_RANGE; + } if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) { return NT_STATUS_INVALID_PARAMETER; } |