From: NeilBrown <neilb@cse.unsw.edu.au>



---

 fs/nfsd/nfs4state.c |   17 +++++++++++++++++
 1 files changed, 17 insertions(+)

diff -puN fs/nfsd/nfs4state.c~knfsd-lock-length-fix fs/nfsd/nfs4state.c
--- 25/fs/nfsd/nfs4state.c~knfsd-lock-length-fix	2004-02-25 02:32:17.000000000 -0800
+++ 25-akpm/fs/nfsd/nfs4state.c	2004-02-25 02:32:17.000000000 -0800
@@ -1784,6 +1784,13 @@ out:
 	return stp;
 }
 
+int
+check_lock_length(u64 offset, u64 length)
+{
+	return ((length == 0)  || ((length != ~(u64)0) &&
+ 	     LOFF_OVERFLOW(offset, length)));
+}
+
 /*
  *  LOCK operation 
  */
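Review bot: check_lock_length is defined without `static` and there is no prototype in the hunk, so the new helper becomes an external symbol in the kernel namespace even though its only visible callers are in this same file; `static int check_lock_length(u64 offset, u64 length)` would be the idiomatic choice. The return contract also deserves a comment, since a nonzero result means "reject": `/* Nonzero when the byte range is invalid: a zero length, or a finite length (not ~0, meaning to-EOF) whose end overflows. */`. LOFF_OVERFLOW is not defined in the hunk, so the overflow semantics are presumed from its name and should be confirmed against its definition. The stray space after the tab on the `LOFF_OVERFLOW(offset, length)));` line is inconsistent with the tab-only indentation used around it.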
@@ -1802,6 +1809,9 @@ nfsd4_lock(struct svc_rqst *rqstp, struc
 		(long long) lock->lk_offset,
 		(long long) lock->lk_length);
 
+	if (check_lock_length(lock->lk_offset, lock->lk_length))
+		 return nfserr_inval;
+
 	lock->lk_stateowner = NULL;
 	nfs4_lock_state();
 
@@ -1963,6 +1973,9 @@ nfsd4_lockt(struct svc_rqst *rqstp, stru
 	unsigned int strhashval;
 	int status;
 
+	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
+		 return nfserr_inval;
+
 	lockt->lt_stateowner = NULL;
 	nfs4_lock_state();
 
@@ -2049,6 +2062,10 @@ nfsd4_locku(struct svc_rqst *rqstp, stru
 	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
 		(long long) locku->lu_offset,
 		(long long) locku->lu_length);
+
+	if (check_lock_length(locku->lu_offset, locku->lu_length))
+		 return nfserr_inval;
+
 	nfs4_lock_state();
 									        
 	if ((status = nfs4_preprocess_seqid_op(current_fh, 

_