From 7c158bdb1d0e217e06f54d2e2cef12a5433d3578 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Thu, 26 Nov 2009 17:38:11 +1100
Subject: s4-smb2: sequence numbers are not checked in SMB2_OP_CANCEL
---
 source4/smb_server/smb2/receive.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'source4/smb_server/smb2')
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index abcf172738..d26be41e6f 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -322,7 +322,8 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
 uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
 flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
- if (req->smb_conn->highest_smb2_seqnum != 0 &&
+ if (opcode != SMB2_OP_CANCEL &&
+ req->smb_conn->highest_smb2_seqnum != 0 &&
 req->seqnum <= req->smb_conn->highest_smb2_seqnum) {
 smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 sequence number");
 return NT_STATUS_INVALID_PARAMETER;
-- cgit
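Review bot: The new `opcode != SMB2_OP_CANCEL` term exempts CANCEL from the monotonic check, but the hunk does not show what happens to `highest_smb2_seqnum` afterwards. If the code following this `if` stores `req->seqnum` into it unconditionally, a CANCEL carrying an older message id would move the high-water mark backwards and weaken the sequence check for every later request on the connection. In that case the update should be guarded the same way, e.g. `if (opcode != SMB2_OP_CANCEL) { req->smb_conn->highest_smb2_seqnum = req->seqnum; }`. The condition would also benefit from a comment stating the reason, such as `/* CANCEL carries the message id of the request it cancels, so it is exempt from the sequence check */`. smb2srv_reply starts and ends outside the hunk, so both points need confirming against the full function.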