Diffstat (limited to 'fs/cifs/misc.c')
-rw-r--r--fs/cifs/misc.c17
1 files changed, 12 insertions, 5 deletions
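diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index ca27a82c54cd..94baf6c8ecbd 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -397,12 +397,12 @@ checkSMBhdr(struct smb_hdr *smb, __u16 mid)
 if(smb->Command == SMB_COM_LOCKING_ANDX)
 return 0;
 else
-cERROR(1, ("Rcvd Request not response "));
+cERROR(1, ("Rcvd Request not response"));
 }
 } else { /* bad signature or mid */
 if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff))
 cERROR(1,
-("Bad protocol string signature header %x ",
+("Bad protocol string signature header %x",
 *(unsigned int *) smb->Protocol));
 if (mid != smb->Mid)
 cERROR(1, ("Mids do not match"));
@@ -417,7 +417,7 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
 __u32 len = smb->smb_buf_length;
 __u32 clc_len; /* calculated length */
 cFYI(0,
-("Entering checkSMB with Length: %x, smb_buf_length: %x ",
+("Entering checkSMB with Length: %x, smb_buf_length: %x",
 length, len));
 if (((unsigned int)length < 2 + sizeof (struct smb_hdr)) ||
 (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)) {
@@ -451,9 +451,16 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
 cERROR(1, ("bad smb size detected for Mid=%d", smb->Mid));
 /* Windows XP can return a few bytes too much, presumably
 an illegal pad, at the end of byte range lock responses
-so we allow for up to eight byte pad, as long as actual
+so we allow for that three byte pad, as long as actual
 received length is as long or longer than calculated length */
-if((4+len > clc_len) && (len <= clc_len + 3))
+/* We have now had to extend this more, since there is a
+case in which it needs to be bigger still to handle a
+malformed response to transact2 findfirst from WinXP when
+access denied is returned and thus bcc and wct are zero
+but server says length is 0x21 bytes too long as if the server
+forget to reset the smb rfc1001 length when it reset the
+wct and bcc to minimum size and drop the t2 parms and data */
+if((4+len > clc_len) && (len <= clc_len + 512))
 return 0;
 else
 return 1;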
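Review bot: The relaxed bound on new line 463, `len <= clc_len + 512`, accepts a declared RFC1001 length up to 512 bytes beyond what wct and bcc account for on every command and status, while the comment above it justifies the slack only for a WinXP transact2 findfirst reply that returns access denied. The condition tests `len` (the server-supplied `smb_buf_length`), not the `length` argument, so this hunk does not establish that the extra bytes were actually received; the code between lines 423 and 451 is outside the view and may cover that. Consider limiting the larger allowance to the case the comment describes and keeping the small pad elsewhere, or at least replacing the literal 512 with a named constant and adding `/* slack is accepted for all commands; bytes beyond clc_len are not described by wct/bcc */`. The comment on new line 454 still speaks of a three byte pad, which reads oddly next to the new limit. checkSMB begins and ends outside the hunk.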