Fix the offset checks in the trans routines

[samba.git] / source / smbd / ipc.c

diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c
index 6961a5caf15ac17fddf0600124325f9ed6f0e486..a53bc5bea2aea6ae9c0101063704476044f93eeb 100644 (file)
--- a/source/smbd/ipc.c
+++ b/source/smbd/ipc.c
@@ -764,10 +764,10 @@ void reply_transs(struct smb_request *req)
                        goto bad_param;
                }
 
-               if (ddisp > av_size ||
+               if (doff > av_size ||
                                dcnt > av_size ||
-                               ddisp+dcnt > av_size ||
-                               ddisp+dcnt < ddisp) {
+                               doff+dcnt > av_size ||
+                               doff+dcnt < doff) {
                        goto bad_param;
                }