From 17c8907d9c2a89a1f3d271aa58a5d4494a0d4653 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 10 Nov 2004 20:37:14 +0000
Subject: r3666: Generalise fix for trans and nttrans multi-fragment requests. Jeremy (This used to be commit 10b2489e3b2345a8532098523ebcebb73665a76f)
---
 source3/smbd/ipc.c | 4 ++--
 source3/smbd/nttrans.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'source3')
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index e5465b902c..35e670c9fa 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -502,7 +502,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 goto bad_param;
 if (pcnt) {
- if (pdisp+pcnt >= tpscnt)
+ if (pdisp+pcnt > tpscnt)
 goto bad_param;
 if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
 goto bad_param;
@@ -518,7 +518,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 }
 if (dcnt) {
- if (ddisp+dcnt >= tdscnt)
+ if (ddisp+dcnt > tdscnt)
 goto bad_param;
 if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
 goto bad_param;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index eaaf68d689..e20e433abc 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2825,7 +2825,7 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 }
 if (parameter_count) {
- if (parameter_displacement + parameter_count >= total_parameter_count)
+ if (parameter_displacement + parameter_count > total_parameter_count)
 goto bad_param;
 if ((parameter_displacement + parameter_count < parameter_displacement) || (parameter_displacement + parameter_count < parameter_count))
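Review bot: The wraparound test `(pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)` in reply_trans runs only after the sum has already been compared with tpscnt, and it is meaningful only if pdisp and pcnt are unsigned; their declarations are outside the hunk, so that should be confirmed. With unsigned operands a subtraction form covers both tests without relying on wraparound: `if (pcnt > tpscnt || pdisp > tpscnt - pcnt) goto bad_param;`. The same applies to the ddisp/dcnt hunk in this file and to both hunks in nttrans.c. The copy these checks protect is not visible here, so the matching bound on the source offset into the received packet cannot be verified from this diff.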
@@ -2842,7 +2842,7 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 }
 if (data_count) {
- if (data_displacement + data_count >= total_data_count)
+ if (data_displacement + data_count > total_data_count)
 goto bad_param;
 if ((data_displacement + data_count < data_displacement) || (data_displacement + data_count < data_count))
-- cgit
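Review bot: A comment is missing at the `data_displacement + data_count > total_data_count` test to record why equality is allowed; an unexplained boundary in a length check is easy to flip back in a later cleanup. Something like `/* == is valid: this fragment ends exactly at the end of the reassembly buffer */` above the test would do, assuming total_data_count is the size of the buffer being filled (the allocation is outside the hunk). The parameter_count test and the two tests in ipc.c would take the same comment.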