diff options
Diffstat (limited to 'fs/cifs')
-rw-r--r-- | fs/cifs/transport.c | 61 |
1 files changed, 31 insertions, 30 deletions
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 0fe2527ce459..7e10b13d130b 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c | |||
@@ -1067,41 +1067,42 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, | |||
1067 | 1067 | ||
1068 | /* rcvd frame is ok */ | 1068 | /* rcvd frame is ok */ |
1069 | 1069 | ||
1070 | if (midQ->resp_buf && out_buf | 1070 | if ((midQ->resp_buf == NULL) || (out_buf == NULL) |
1071 | && (midQ->midState == MID_RESPONSE_RECEIVED)) { | 1071 | || (midQ->midState != MID_RESPONSE_RECEIVED)) { |
1072 | out_buf->smb_buf_length = receive_len; | 1072 | rc = -EIO; |
1073 | memcpy((char *)out_buf + 4, | 1073 | cERROR(1, ("Bad MID state?")); |
1074 | (char *)midQ->resp_buf + 4, | 1074 | goto out; |
1075 | receive_len); | 1075 | } |
1076 | 1076 | ||
1077 | dump_smb(out_buf, 92); | 1077 | out_buf->smb_buf_length = receive_len; |
1078 | /* convert the length into a more usable form */ | 1078 | memcpy((char *)out_buf + 4, |
1079 | if ((receive_len > 24) && | 1079 | (char *)midQ->resp_buf + 4, |
1080 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | | 1080 | receive_len); |
1081 | SECMODE_SIGN_ENABLED))) { | 1081 | |
1082 | rc = cifs_verify_signature(out_buf, | 1082 | dump_smb(out_buf, 92); |
1083 | &ses->server->mac_signing_key, | 1083 | /* convert the length into a more usable form */ |
1084 | midQ->sequence_number+1); | 1084 | if ((receive_len > 24) && |
1085 | if (rc) { | 1085 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | |
1086 | cERROR(1, ("Unexpected SMB signature")); | 1086 | SECMODE_SIGN_ENABLED))) { |
1087 | /* BB FIXME add code to kill session */ | 1087 | rc = cifs_verify_signature(out_buf, |
1088 | } | 1088 | &ses->server->mac_signing_key, |
1089 | midQ->sequence_number+1); | ||
1090 | if (rc) { | ||
1091 | cERROR(1, ("Unexpected SMB signature")); | ||
1092 | /* BB FIXME add code to kill session */ | ||
1089 | } | 1093 | } |
1094 | } | ||
1090 | 1095 | ||
1091 | *pbytes_returned = out_buf->smb_buf_length; | 1096 | *pbytes_returned = out_buf->smb_buf_length; |
1092 | 1097 | ||
1093 | /* BB special case reconnect tid and uid here? */ | 1098 | /* BB special case reconnect tid and uid here? */ |
1094 | rc = map_smb_to_linux_error(out_buf, 0 /* no log */ ); | 1099 | rc = map_smb_to_linux_error(out_buf, 0 /* no log */ ); |
1095 | 1100 | ||
1096 | /* convert ByteCount if necessary */ | 1101 | /* convert ByteCount if necessary */ |
1097 | if (receive_len >= sizeof(struct smb_hdr) - 4 | 1102 | if (receive_len >= sizeof(struct smb_hdr) - 4 |
1098 | /* do not count RFC1001 header */ + | 1103 | /* do not count RFC1001 header */ + |
1099 | (2 * out_buf->WordCount) + 2 /* bcc */ ) | 1104 | (2 * out_buf->WordCount) + 2 /* bcc */ ) |
1100 | BCC(out_buf) = le16_to_cpu(BCC_LE(out_buf)); | 1105 | BCC(out_buf) = le16_to_cpu(BCC_LE(out_buf)); |
1101 | } else { | ||
1102 | rc = -EIO; | ||
1103 | cERROR(1, ("Bad MID state?")); | ||
1104 | } | ||
1105 | 1106 | ||
1106 | out: | 1107 | out: |
1107 | DeleteMidQEntry(midQ); | 1108 | DeleteMidQEntry(midQ); |