From 70696e4c1c6ac475c8feafdf22cf799b2ea16ec8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 10 Nov 2004 19:34:50 +0000
Subject: r3663: Fix too tight checking of incoming secondary trans2 requests.
 Found by Stefan Esser <s.esser@e-matters.de>. Jeremy. (This used to be commit
 44132c39ecbf055b897b1aa7bfca4eb1731badbf)

---
 source3/smbd/trans2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source3/smbd/trans2.c')

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 4c0d5731eb..ca2c8a060d 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -4161,7 +4161,7 @@ int reply_trans2(connection_struct *conn,
 				goto bad_param;
 			
 			if (num_params) {
-				if (param_disp + num_params >= total_params)
+				if (param_disp + num_params > total_params)
 					goto bad_param;
 				if ((param_disp + num_params < param_disp) ||
 						(param_disp + num_params < num_params))
@@ -4177,7 +4177,7 @@ int reply_trans2(connection_struct *conn,
 				memcpy( &params[param_disp], smb_base(inbuf) + param_off, num_params);
 			}
 			if (num_data) {
-				if (data_disp + num_data >= total_data)
+				if (data_disp + num_data > total_data)
 					goto bad_param;
 				if ((data_disp + num_data < data_disp) ||
 						(data_disp + num_data < num_data))
-- 
cgit