aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/misc.c
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2006-10-12 13:49:24 -0400
committerSteve French <sfrench@us.ibm.com>2006-10-12 13:49:24 -0400
commitd103e164bee2f21d0efe7d713cbbb0a443ba480d (patch)
tree88e1d33b0a247535b181ac5bbb65514a6cc63bd0 /fs/cifs/misc.c
parent230a03950ecd63bc613c6adeffbe9049189d9f05 (diff)
[CIFS] Workaround incomplete byte length returned by some
servers on small SMB responses Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/misc.c')
-rw-r--r--fs/cifs/misc.c42
1 files changed, 29 insertions, 13 deletions
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index ca6e9b1413fa..bbc9cd34b6ea 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -418,26 +418,42 @@ checkSMBhdr(struct smb_hdr *smb, __u16 mid)
418} 418}
419 419
420int 420int
421checkSMB(struct smb_hdr *smb, __u16 mid, int length) 421checkSMB(struct smb_hdr *smb, __u16 mid, unsigned int length)
422{ 422{
423 __u32 len = smb->smb_buf_length; 423 __u32 len = smb->smb_buf_length;
424 __u32 clc_len; /* calculated length */ 424 __u32 clc_len; /* calculated length */
425 cFYI(0, ("checkSMB Length: 0x%x, smb_buf_length: 0x%x", length, len)); 425 cFYI(0, ("checkSMB Length: 0x%x, smb_buf_length: 0x%x", length, len));
426 if (((unsigned int)length < 2 + sizeof (struct smb_hdr)) || 426
427 (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)) { 427 if (length < 2 + sizeof (struct smb_hdr)) {
428 if ((unsigned int)length < 2 + sizeof (struct smb_hdr)) { 428 if ((length >= sizeof (struct smb_hdr) - 1)
429 if (((unsigned int)length >=
430 sizeof (struct smb_hdr) - 1)
431 && (smb->Status.CifsError != 0)) { 429 && (smb->Status.CifsError != 0)) {
432 smb->WordCount = 0; 430 smb->WordCount = 0;
433 /* some error cases do not return wct and bcc */ 431 /* some error cases do not return wct and bcc */
432 return 0;
433 } else if ((length == sizeof(struct smb_hdr) + 1) &&
434 (smb->WordCount == 0)) {
435 char * tmp = (char *)smb;
436 /* Need to work around a bug in two servers here */
437 /* First, check if the part of bcc they sent was zero */
438 if (tmp[sizeof(struct smb_hdr)] == 0) {
439 /* some servers return only half of bcc
440 * on simple responses (wct, bcc both zero)
441 * in particular have seen this on
442 * ulogoffX and FindClose. This leaves
443 * one byte of bcc potentially unitialized
444 */
445 /* zero rest of bcc */
446 tmp[sizeof(struct smb_hdr)+1] = 0;
434 return 0; 447 return 0;
435 } else {
436 cERROR(1, ("Length less than smb header size"));
437 } 448 }
449 cERROR(1,("rcvd invalid byte count (bcc)"));
450 } else {
451 cERROR(1, ("Length less than smb header size"));
438 } 452 }
439 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) 453 return 1;
440 cERROR(1, ("smb length greater than MaxBufSize, mid=%d", 454 }
455 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
456 cERROR(1, ("smb length greater than MaxBufSize, mid=%d",
441 smb->Mid)); 457 smb->Mid));
442 return 1; 458 return 1;
443 } 459 }
@@ -446,7 +462,7 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
446 return 1; 462 return 1;
447 clc_len = smbCalcSize_LE(smb); 463 clc_len = smbCalcSize_LE(smb);
448 464
449 if(4 + len != (unsigned int)length) { 465 if(4 + len != length) {
450 cERROR(1, ("Length read does not match RFC1001 length %d",len)); 466 cERROR(1, ("Length read does not match RFC1001 length %d",len));
451 return 1; 467 return 1;
452 } 468 }