summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2011-04-29 06:52:44 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2011-05-21 15:13:03 -0700
commitef65b13bc0be7792c8982264209d782f8ee1dd3c (patch)
treef4d0e00e1d1cde3fe292771bf20f5f7d5648ea4b
parent8004af443bb5537018555febbc93de467461abf6 (diff)
cifs: handle errors from coalesce_t2
commit 16541ba11c4f04ffe94b073e301f00b749fb84a1 upstream. cifs_demultiplex_thread calls coalesce_t2 to try and merge follow-on t2 responses into the original mid buffer. coalesce_t2 however can return errors, but the caller doesn't handle that situation properly. Fix the thread to treat such a case as it would a malformed packet. Mark the mid as being malformed and issue the callback. Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--fs/cifs/connect.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 073db5d78620..0fd3855a161a 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -631,12 +631,16 @@ incomplete_rcv:
isMultiRsp = true;
if (mid_entry->resp_buf) {
/* merge response - fix up 1st*/
- if (coalesce_t2(smb_buffer,
- mid_entry->resp_buf)) {
+ length = coalesce_t2(smb_buffer,
+ mid_entry->resp_buf);
+ if (length > 0) {
+ length = 0;
mid_entry->multiRsp = true;
break;
} else {
- /* all parts received */
+ /* all parts received or
+ * packet is malformed
+ */
mid_entry->multiEnd = true;
goto multi_t2_fnd;
}