From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 26 Nov 2009 06:38:11 +0000 (+1100)
Subject: s4-smb2: sequence numbers are not checked in SMB2_OP_CANCEL
X-Git-Tag: samba-4.0.0alpha9~132
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7c158bdb1d0e217e06f54d2e2cef12a5433d3578;p=thirdparty%2Fsamba.git

s4-smb2: sequence numbers are not checked in SMB2_OP_CANCEL
---

diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index abcf172738b..d26be41e6f7 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -322,7 +322,8 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
 	uid			= BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
 	flags			= IVAL(req->in.hdr, SMB2_HDR_FLAGS);
 
-	if (req->smb_conn->highest_smb2_seqnum != 0 &&
+	if (opcode != SMB2_OP_CANCEL &&
+	    req->smb_conn->highest_smb2_seqnum != 0 &&
 	    req->seqnum <= req->smb_conn->highest_smb2_seqnum) {
 		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 sequence number");
 		return NT_STATUS_INVALID_PARAMETER;