--- source/tdb/tdb.c.orig	2004-02-11 07:38:05.000000000 -0500
+++ source/tdb/tdb.c	2004-02-11 09:41:48.000000000 -0500
@@ -181,7 +181,11 @@
 static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset, 
 		      int rw_type, int lck_type, int probe)
 {
+#ifdef SMB_STRUCT_FLOCK
+	SMB_STRUCT_FLOCK fl;
+#else
 	struct flock fl;
+#endif
 	int ret;
 
 	if (tdb->flags & TDB_NOLOCK)
@@ -234,11 +238,11 @@
 	if (tdb->locked[list+1].count == 0) {
 		if (!tdb->read_only && tdb->header.rwlocks) {
 			if (tdb_spinlock(tdb, list, ltype)) {
-				TDB_LOG((tdb, 0, "tdb_lock spinlock failed on list ltype=%d\n", 
+				TDB_LOG((tdb, 0, "tdb_lock spinlock failed on list %d ltype=%d\n", 
 					   list, ltype));
 				return -1;
 			}
-		} else if (tdb_brlock(tdb,FREELIST_TOP+4*list,ltype,F_SETLKW, 0)) {
+		} else if (tdb_brlock(tdb, FREELIST_TOP + (list+1)*sizeof(tdb_off), ltype, F_SETLKW, 0)) {
 			TDB_LOG((tdb, 0,"tdb_lock failed on list %d ltype=%d (%s)\n", 
 					   list, ltype, strerror(errno)));
 			return -1;
@@ -275,7 +279,7 @@
 		if (!tdb->read_only && tdb->header.rwlocks) {
 			ret = tdb_spinunlock(tdb, list, ltype);
 		} else {
-			ret = tdb_brlock(tdb, FREELIST_TOP+4*list, F_UNLCK, F_SETLKW, 0);
+			ret = tdb_brlock(tdb, FREELIST_TOP + (list+1)*sizeof(tdb_off), F_UNLCK, F_SETLKW, 0);
 		}
 	} else {
 		ret = 0;
@@ -435,7 +439,7 @@
 	if (rec->magic == TDB_MAGIC) {
 		/* this happens when a app is showdown while deleting a record - we should
 		   not completely fail when this happens */
-		TDB_LOG((tdb, 0,"rec_free_read non-free magic at offset=%d - fixing\n", 
+		TDB_LOG((tdb, 0,"rec_free_read non-free magic 0x%x at offset=%u - fixing\n",
 			 rec->magic, off));
 		rec->magic = TDB_FREE_MAGIC;
 		if (tdb_write(tdb, off, rec, sizeof(*rec)) == -1)
@@ -596,13 +600,13 @@
 
 	/* set an initial tailer, so if we fail we don't leave a bogus record */
 	if (update_tailer(tdb, offset, rec) != 0) {
-		TDB_LOG((tdb, 0, "tdb_free: upfate_tailer failed!\n"));
+		TDB_LOG((tdb, 0, "tdb_free: update_tailer failed!\n"));
 		goto fail;
 	}
 
 	/* Look right first (I'm an Australian, dammit) */
 	right = offset + sizeof(*rec) + rec->rec_len;
-	if (right + sizeof(*rec) <= tdb->map_size) {
+	if (!tdb_oob(tdb, right + sizeof(*rec), 1)) {
 		struct list_struct r;
 
 		if (tdb_read(tdb, right, &r, sizeof(r), DOCONV()) == -1) {