The 32-bit rfc1002 header field consists of a type byte and then a 24-bit length field, but get_rfc1002_length doesn't mask off the top byte. In most cases, it's not a problem since the RFC1002_SESSION_MESSAGE type is '\0', but when doing a RFC1002 session establishment, the type is non-zero and that throws off the returned length in smb_send_rqst. Reported-by: klaus@xxxxxxxxx Tested-by: Sachin Prabhu <sprabhu@xxxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> --- fs/cifs/cifsglob.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index e7fe49e..45376a4 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -506,7 +506,7 @@ struct cifs_mnt_data { static inline unsigned int get_rfc1002_length(void *buf) { - return be32_to_cpu(*((__be32 *)buf)); + return be32_to_cpu(*((__be32 *)buf)) & 0xffffff; } static inline void -- 1.8.5.3
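Review bot: the bare `0xffffff` literal on the changed return line of get_rfc1002_length() in fs/cifs/cifsglob.h has no comment or name saying what it strips, so the reason for the mask lives only in the commit message. A one-line comment above the return (for example, that the top byte of the 32-bit header is the RFC1002 type and only the low 24 bits are length), or a named mask constant, would keep a later cleanup from removing it. It would also help to state in that comment that the function now discards the type byte, so any caller that needs the type must read it from the buffer itself rather than from this return value.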