Ensure we total up the correct number of creds requested in a compound request.

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index c64f82f407ad67240798e484bd07d5b6a31d1baa..7fd3ef4034c065378c7bd7861a8a72d61e75cde8 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -249,6 +249,7 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req,
        }
 
        for (idx=1; idx < count; idx += 3) {
+               uint16_t creds_requested = 0;
                const uint8_t *inhdr = NULL;
                uint32_t flags;
 
@@ -267,7 +268,12 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req,
                        return NT_STATUS_INVALID_PARAMETER;
                }
 
-               *p_creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
+               creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
+               if (*p_creds_requested + creds_requested < creds_requested) {
+                       *p_creds_requested = 65535;
+               } else {
+                       *p_creds_requested += creds_requested;
+               }
 
                flags = IVAL(inhdr, SMB2_HDR_FLAGS);
                if (idx == 1) {