From 186ea099c5d07c8f229909bd94fafc179f8dcc2a Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Fri, 27 Nov 2009 18:08:51 +1100
Subject: s4-ntvfs: move valid lock range test from smb2 layer to generic code win7 also fails invalid lock ranges on SMB
---
 source4/ntvfs/common/brlock_tdb.c | 19 +++++++++++++++++++
 source4/ntvfs/ntvfs_generic.c | 6 ------
 2 files changed, 19 insertions(+), 6 deletions(-)
(limited to 'source4')
diff --git a/source4/ntvfs/common/brlock_tdb.c b/source4/ntvfs/common/brlock_tdb.c
index 299400b96c..df95d4c4c6 100644
--- a/source4/ntvfs/common/brlock_tdb.c
+++ b/source4/ntvfs/common/brlock_tdb.c
@@ -80,6 +80,13 @@ struct brl_handle {
 struct lock_struct last_lock;
 };
+/* see if we have wrapped locks, which are no longer allowed (windows
+ * changed this in win7 */
+static bool brl_invalid_lock_range(uint64_t start, uint64_t size)
+{
+ return (size > 1 && (start + size < start));
+}
+
 /* Open up the brlock.tdb database. Close it down using talloc_free(). We need the messaging_ctx to allow for
@@ -299,6 +306,10 @@ static NTSTATUS brl_tdb_lock(struct brl_context *brl,
 kbuf.dptr = brlh->key.data;
 kbuf.dsize = brlh->key.length;
+ if (brl_invalid_lock_range(start, size)) {
+ return NT_STATUS_INVALID_LOCK_RANGE;
+ }
+
 if (tdb_chainlock(brl->w->tdb, kbuf) != 0) {
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
@@ -449,6 +460,10 @@ static NTSTATUS brl_tdb_unlock(struct brl_context *brl,
 kbuf.dptr = brlh->key.data;
 kbuf.dsize = brlh->key.length;
+ if (brl_invalid_lock_range(start, size)) {
+ return NT_STATUS_INVALID_LOCK_RANGE;
+ }
+
 if (tdb_chainlock(brl->w->tdb, kbuf) != 0) {
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
@@ -620,6 +635,10 @@ static NTSTATUS brl_tdb_locktest(struct brl_context *brl,
 kbuf.dptr = brlh->key.data;
 kbuf.dsize = brlh->key.length;
+ if (brl_invalid_lock_range(start, size)) {
+ return NT_STATUS_INVALID_LOCK_RANGE;
+ }
+
 dbuf = tdb_fetch(brl->w->tdb, kbuf);
 if (dbuf.dptr == NULL) {
 return NT_STATUS_OK;
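Review bot: In the added brl_invalid_lock_range(), `start + size < start` also rejects a range whose last byte is exactly the highest 64-bit offset: for start = UINT64_MAX - 1 and size = 2 the sum wraps to 0 even though no byte of the range wraps. The `size > 1` guard already lets a one-byte lock at UINT64_MAX through, so the boundary is treated inconsistently. If only ranges whose last byte wraps should fail, the test would be `return size != 0 && start + size - 1 < start;`; whether Windows 7 accepts the top-of-range case is not visible on this page and deserves a test against a real server. The comment above the function is also missing its closing parenthesis and would be clearer if it said why sizes 0 and 1 are exempt.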
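Review bot: The guard added before tdb_chainlock() in brl_tdb_lock (and repeated in the hunks at -449 for brl_tdb_unlock and -620 for brl_tdb_locktest) is now the only place a wrapped SMB2 range is rejected, because the same commit drops the test from ntvfs_map_lock in ntvfs_generic.c. The `brl_tdb_` prefix suggests these functions are one backend behind a table of brlock operations; if another backend exists, or an ntvfs module handles locks without going through brlock, offset/length pairs taken from the request would reach it unchecked, so each such path should be confirmed to carry an equivalent test. A short comment above each guard, e.g. `/* reject wrapped ranges before taking the chain lock; start/size originate from the client request */`, would record why it sits there. The bodies of all three functions start and end outside these hunks.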
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index d564db72ff..3319539b63 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -1116,12 +1116,6 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
 isunlock = false;
 }
 for (i=0;ismb2.in.lock_count;i++) {
- if (lck->smb2.in.locks[i].length > 1 &&
- lck->smb2.in.locks[i].offset +
- lck->smb2.in.locks[i].length <
- lck->smb2.in.locks[i].offset) {
- return NT_STATUS_INVALID_LOCK_RANGE;
- }
 if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
 return NT_STATUS_INVALID_PARAMETER;
 }
-- cgit