aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/cifs/transport.c31
1 files changed, 12 insertions, 19 deletions
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 4d076be46d90..e80210693ff7 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -687,6 +687,12 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
687 to the same server. We may make this configurable later or 687 to the same server. We may make this configurable later or
688 use ses->maxReq */ 688 use ses->maxReq */
689 689
690 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
691 cERROR(1, ("Illegal length, greater than maximum frame, %d",
692 in_buf->smb_buf_length));
693 return -EIO;
694 }
695
690 rc = wait_for_free_request(ses, long_op); 696 rc = wait_for_free_request(ses, long_op);
691 if (rc) 697 if (rc)
692 return rc; 698 return rc;
@@ -706,17 +712,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
706 return rc; 712 return rc;
707 } 713 }
708 714
709 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
710 cERROR(1, ("Illegal length, greater than maximum frame, %d",
711 in_buf->smb_buf_length));
712 DeleteMidQEntry(midQ);
713 mutex_unlock(&ses->server->srv_mutex);
714 /* Update # of requests on wire to server */
715 atomic_dec(&ses->server->inFlight);
716 wake_up(&ses->server->request_q);
717 return -EIO;
718 }
719
720 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); 715 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
721 716
722 midQ->midState = MID_REQUEST_SUBMITTED; 717 midQ->midState = MID_REQUEST_SUBMITTED;
@@ -925,6 +920,12 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
925 to the same server. We may make this configurable later or 920 to the same server. We may make this configurable later or
926 use ses->maxReq */ 921 use ses->maxReq */
927 922
923 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
924 cERROR(1, ("Illegal length, greater than maximum frame, %d",
925 in_buf->smb_buf_length));
926 return -EIO;
927 }
928
928 rc = wait_for_free_request(ses, CIFS_BLOCKING_OP); 929 rc = wait_for_free_request(ses, CIFS_BLOCKING_OP);
929 if (rc) 930 if (rc)
930 return rc; 931 return rc;
@@ -941,14 +942,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
941 return rc; 942 return rc;
942 } 943 }
943 944
944 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
945 mutex_unlock(&ses->server->srv_mutex);
946 cERROR(1, ("Illegal length, greater than maximum frame, %d",
947 in_buf->smb_buf_length));
948 DeleteMidQEntry(midQ);
949 return -EIO;
950 }
951
952 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); 945 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
953 946
954 midQ->midState = MID_REQUEST_SUBMITTED; 947 midQ->midState = MID_REQUEST_SUBMITTED;