diff options
| author | Pavel Shilovsky <pshilovsky@samba.org> | 2013-07-09 11:44:56 -0400 |
|---|---|---|
| committer | Steve French <smfrench@gmail.com> | 2013-07-10 14:08:39 -0400 |
| commit | fd55439638a27e34d87b91d618c0ba6b42302940 (patch) | |
| tree | 3b448d011f80e69ce1954d7e48519eea57c71185 /fs | |
| parent | 6658b9f70ebca5fc0795b1d6d733996af1e2caa7 (diff) | |
CIFS: Fix lease context buffer parsing
to prevent missing RqLs context if it's not the first one.
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/cifs/smb2pdu.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 2b312e4eeaa6..19fafeb767fa 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c | |||
| @@ -853,23 +853,24 @@ parse_lease_state(struct smb2_create_rsp *rsp) | |||
| 853 | char *data_offset; | 853 | char *data_offset; |
| 854 | struct create_lease *lc; | 854 | struct create_lease *lc; |
| 855 | bool found = false; | 855 | bool found = false; |
| 856 | unsigned int next = 0; | ||
| 857 | char *name; | ||
| 856 | 858 | ||
| 857 | data_offset = (char *)rsp; | 859 | data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset); |
| 858 | data_offset += 4 + le32_to_cpu(rsp->CreateContextsOffset); | ||
| 859 | lc = (struct create_lease *)data_offset; | 860 | lc = (struct create_lease *)data_offset; |
| 860 | do { | 861 | do { |
| 861 | char *name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc; | 862 | lc = (struct create_lease *)((char *)lc + next); |
| 863 | name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc; | ||
| 862 | if (le16_to_cpu(lc->ccontext.NameLength) != 4 || | 864 | if (le16_to_cpu(lc->ccontext.NameLength) != 4 || |
| 863 | strncmp(name, "RqLs", 4)) { | 865 | strncmp(name, "RqLs", 4)) { |
| 864 | lc = (struct create_lease *)((char *)lc | 866 | next = le32_to_cpu(lc->ccontext.Next); |
| 865 | + le32_to_cpu(lc->ccontext.Next)); | ||
| 866 | continue; | 867 | continue; |
| 867 | } | 868 | } |
| 868 | if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS) | 869 | if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS) |
| 869 | return SMB2_OPLOCK_LEVEL_NOCHANGE; | 870 | return SMB2_OPLOCK_LEVEL_NOCHANGE; |
| 870 | found = true; | 871 | found = true; |
| 871 | break; | 872 | break; |
| 872 | } while (le32_to_cpu(lc->ccontext.Next) != 0); | 873 | } while (next != 0); |
| 873 | 874 | ||
| 874 | if (!found) | 875 | if (!found) |
| 875 | return 0; | 876 | return 0; |