From 3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 6 Apr 2010 16:31:26 -0700
Subject: Ensure we total up the correct number of creds requested in a
 compound request.

---
 source3/smbd/smb2_server.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'source3/smbd/smb2_server.c')

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index c64f82f407..7fd3ef4034 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -249,6 +249,7 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req,
 	}
 
 	for (idx=1; idx < count; idx += 3) {
+		uint16_t creds_requested = 0;
 		const uint8_t *inhdr = NULL;
 		uint32_t flags;
 
@@ -267,7 +268,12 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req,
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 
-		*p_creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
+		creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
+		if (*p_creds_requested + creds_requested < creds_requested) {
+			*p_creds_requested = 65535;
+		} else {
+			*p_creds_requested += creds_requested;
+		}
 
 		flags = IVAL(inhdr, SMB2_HDR_FLAGS);
 		if (idx == 1) {
-- 
cgit