aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/misc.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/cifs/misc.c')
-rw-r--r--fs/cifs/misc.c27
1 files changed, 16 insertions, 11 deletions
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 0f3ebad09d3e..988b8cec8568 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -421,9 +421,7 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
421{ 421{
422 __u32 len = smb->smb_buf_length; 422 __u32 len = smb->smb_buf_length;
423 __u32 clc_len; /* calculated length */ 423 __u32 clc_len; /* calculated length */
424 cFYI(0, 424 cFYI(0, ("checkSMB Length: 0x%x, smb_buf_length: 0x%x", length, len));
425 ("Entering checkSMB with Length: %x, smb_buf_length: %x",
426 length, len));
427 if (((unsigned int)length < 2 + sizeof (struct smb_hdr)) || 425 if (((unsigned int)length < 2 + sizeof (struct smb_hdr)) ||
428 (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)) { 426 (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)) {
429 if ((unsigned int)length < 2 + sizeof (struct smb_hdr)) { 427 if ((unsigned int)length < 2 + sizeof (struct smb_hdr)) {
@@ -435,22 +433,29 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
435 } else { 433 } else {
436 cERROR(1, ("Length less than smb header size")); 434 cERROR(1, ("Length less than smb header size"));
437 } 435 }
438
439 } 436 }
440 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) 437 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)
441 cERROR(1, 438 cERROR(1, ("smb length greater than MaxBufSize, mid=%d",
442 ("smb_buf_length greater than MaxBufSize")); 439 smb->Mid));
443 cERROR(1,
444 ("bad smb detected. Illegal length. mid=%d",
445 smb->Mid));
446 return 1; 440 return 1;
447 } 441 }
448 442
449 if (checkSMBhdr(smb, mid)) 443 if (checkSMBhdr(smb, mid))
450 return 1; 444 return 1;
451 clc_len = smbCalcSize_LE(smb); 445 clc_len = smbCalcSize_LE(smb);
452 if ((4 + len != clc_len) 446
453 || (4 + len != (unsigned int)length)) { 447 if(4 + len != (unsigned int)length) {
448 cERROR(1, ("Length read does not match RFC1001 length %d",len));
449 return 1;
450 }
451
452 if (4 + len != clc_len) {
453 /* check if bcc wrapped around for large read responses */
454 if((len > 64 * 1024) && (len > clc_len)) {
455 /* check if lengths match mod 64K */
456 if(((4 + len) & 0xFFFF) == (clc_len & 0xFFFF))
457 return 0; /* bcc wrapped */
458 }
454 cERROR(1, ("Calculated size 0x%x vs actual length 0x%x", 459 cERROR(1, ("Calculated size 0x%x vs actual length 0x%x",
455 clc_len, 4 + len)); 460 clc_len, 4 + len));
456 cERROR(1, ("bad smb size detected for Mid=%d", smb->Mid)); 461 cERROR(1, ("bad smb size detected for Mid=%d", smb->Mid));