Diffstat (limited to 'fs/cifs/misc.c')
-rw-r--r-- | fs/cifs/misc.c | 17 |
1 files changed, 12 insertions, 5 deletions
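--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -397,12 +397,12 @@ checkSMBhdr(struct smb_hdr *smb, __u16 mid)
 if(smb->Command == SMB_COM_LOCKING_ANDX)
 return 0;
 else
-cERROR(1, ("Rcvd Request not response "));
+cERROR(1, ("Rcvd Request not response"));
 }
 } else { /* bad signature or mid */
 if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff))
 cERROR(1,
-("Bad protocol string signature header %x ",
+("Bad protocol string signature header %x",
 *(unsigned int *) smb->Protocol));
 if (mid != smb->Mid)
 cERROR(1, ("Mids do not match"));
@@ -417,7 +417,7 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
 __u32 len = smb->smb_buf_length;
 __u32 clc_len; /* calculated length */
 cFYI(0,
-("Entering checkSMB with Length: %x, smb_buf_length: %x ",
+("Entering checkSMB with Length: %x, smb_buf_length: %x",
 length, len));
 if (((unsigned int)length < 2 + sizeof (struct smb_hdr)) ||
 (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)) {
@@ -451,9 +451,16 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
 cERROR(1, ("bad smb size detected for Mid=%d", smb->Mid));
 /* Windows XP can return a few bytes too much, presumably
 an illegal pad, at the end of byte range lock responses
-so we allow for up to eight byte pad, as long as actual
+so we allow for that three byte pad, as long as actual
 received length is as long or longer than calculated length */
-if((4+len > clc_len) && (len <= clc_len + 3))
+/* We have now had to extend this more, since there is a
+case in which it needs to be bigger still to handle a
+malformed response to transact2 findfirst from WinXP when
+access denied is returned and thus bcc and wct are zero
+but server says length is 0x21 bytes too long as if the server
+forget to reset the smb rfc1001 length when it reset the
+wct and bcc to minimum size and drop the t2 parms and data */
+if((4+len > clc_len) && (len <= clc_len + 512))
 return 0;
 else
 return 1;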
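Review bot: The relaxed test `if((4+len > clc_len) && (len <= clc_len + 512))` in checkSMB now accepts, for every SMB command, a frame whose header-declared length exceeds the length calculated from wct and bcc by up to 512 bytes, although the new comment describes a single case (a transact2 findfirst error response with zero wct and bcc) that is only 0x21 bytes too long. That leaves up to 512 trailing bytes that no field accounts for, so any later code that sizes a read or copy from `smb_buf_length` rather than from the calculated length would process data the server never described; whether such a consumer exists is not visible here. I would keep the three-byte pad as the general rule and gate the larger slack on the case the comment names, e.g. `if (smb->Command == SMB_COM_TRANSACTION2 && smb->WordCount == 0 && len <= clc_len + 512) return 0;`, with 512 given a named constant. The condition compares `len` rather than the `length` argument, so the comment's "actual received length" depends on a check outside this hunk; checkSMB starts and ends outside the visible lines.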