[PATCH] cifs: Fix invalid check in __cifs_calc_signature()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following check would never evaluate to true:
  > if (i == 0 && iov[0].iov_len <= 4)

Because 'i' always starts at 1.

This patch fixes it and also move the header checks outside the for loop
- which makes more sense.

Signed-off-by: Paulo Alcantara <palcantara@xxxxxxx>
---
 fs/cifs/cifsencrypt.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index f23ff848b158..ee2a8ec70056 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -48,26 +48,23 @@ int __cifs_calc_signature(struct smb_rqst *rqst,
 
 	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
 	if (is_smb2) {
-		rc = crypto_shash_update(shash,
-					 iov[0].iov_base, iov[0].iov_len);
+		if (iov[0].iov_len <= 4)
+			return -EIO;
+		i = 0;
 	} else {
 		if (n_vec < 2 || iov[0].iov_len != 4)
 			return -EIO;
+		i = 1; /* skip rfc1002 length */
 	}
 
-	for (i = 1; i < n_vec; i++) {
+	for (; i < n_vec; i++) {
 		if (iov[i].iov_len == 0)
 			continue;
 		if (iov[i].iov_base == NULL) {
 			cifs_dbg(VFS, "null iovec entry\n");
 			return -EIO;
 		}
-		if (is_smb2) {
-			if (i == 0 && iov[0].iov_len <= 4)
-				break; /* nothing to sign or corrupt header */
-		} else
-			if (i == 1 && iov[1].iov_len <= 4)
-				break; /* nothing to sign or corrupt header */
+
 		rc = crypto_shash_update(shash,
 					 iov[i].iov_base, iov[i].iov_len);
 		if (rc) {
-- 
2.17.1

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux