From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 26 Nov 2009 05:53:51 +0000 (+1100)
Subject: s4-smb2: check for invalid SMB2 lock ranges
X-Git-Tag: samba-4.0.0alpha9~134
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=04f235a9ebf45422c6ec2a971268c2c38dc081ad;p=thirdparty%2Fsamba.git

s4-smb2: check for invalid SMB2 lock ranges
---

diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index 3319539b63d..d564db72ff2 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -1116,6 +1116,12 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
 			isunlock = false;
 		}
 		for (i=0;i<lck->smb2.in.lock_count;i++) {
+			if (lck->smb2.in.locks[i].length > 1 &&
+			    lck->smb2.in.locks[i].offset +
+			    lck->smb2.in.locks[i].length <
+			    lck->smb2.in.locks[i].offset) {
+				return NT_STATUS_INVALID_LOCK_RANGE;
+			}
 			if (lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
 				return NT_STATUS_INVALID_PARAMETER;
 			}