diff options
author | Paulo Alcantara <paulo@paulo.ac> | 2018-06-15 20:58:00 +0200 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2018-06-16 02:17:40 +0200 |
commit | 83ffdeadb46b61580c4c9a5319bd76d258a2963d (patch) | |
tree | a6118338b9763022fb49934c1d27bde6f9e97747 /fs | |
parent | cifs: Use correct packet length in SMB2_TRANSFORM header (diff) | |
download | linux-83ffdeadb46b61580c4c9a5319bd76d258a2963d.tar.xz linux-83ffdeadb46b61580c4c9a5319bd76d258a2963d.zip |
cifs: Fix invalid check in __cifs_calc_signature()
The following check would never evaluate to true:
> if (i == 0 && iov[0].iov_len <= 4)
Because 'i' always starts at 1.
This patch fixes it and also move the header checks outside the for loop
- which makes more sense.
Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/cifsencrypt.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index f23ff848b158..ee2a8ec70056 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -48,26 +48,23 @@ int __cifs_calc_signature(struct smb_rqst *rqst, /* iov[0] is actual data and not the rfc1002 length for SMB2+ */ if (is_smb2) { - rc = crypto_shash_update(shash, - iov[0].iov_base, iov[0].iov_len); + if (iov[0].iov_len <= 4) + return -EIO; + i = 0; } else { if (n_vec < 2 || iov[0].iov_len != 4) return -EIO; + i = 1; /* skip rfc1002 length */ } - for (i = 1; i < n_vec; i++) { + for (; i < n_vec; i++) { if (iov[i].iov_len == 0) continue; if (iov[i].iov_base == NULL) { cifs_dbg(VFS, "null iovec entry\n"); return -EIO; } - if (is_smb2) { - if (i == 0 && iov[0].iov_len <= 4) - break; /* nothing to sign or corrupt header */ - } else - if (i == 1 && iov[1].iov_len <= 4) - break; /* nothing to sign or corrupt header */ + rc = crypto_shash_update(shash, iov[i].iov_base, iov[i].iov_len); if (rc) { |