author: Jeff Layton <jlayton@redhat.com> 2014-02-14 13:21:00 +0100
committer: Steve French <smfrench@gmail.com> 2014-02-24 03:55:07 +0100
commit: a26054d184763969a411e3939fe243516715ff59
tree: 949134388a332f66f28a80d329263031e7136d43 /net/caif
parent: CIFS: Fix wrong pos argument of cifs_find_lock_conflict
cifs: sanity check length of data to send before sending

We had a bug discovered recently where an upper layer function (cifs_iovec_write) could pass down a smb_rqst with an invalid amount of data in it. The length of the SMB frame would be correct, but the rqst struct would cause smb_send_rqst to send nearly 4GB of data. This should never be the case.

Add some sanity checking to the beginning of smb_send_rqst that ensures that the amount of data we're going to send agrees with the length in the RFC1002 header. If it doesn't, WARN() and return -EIO to the upper layers.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'net/caif')
0 files changed, 0 insertions, 0 deletions
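
The check the commit message describes, sketched in userspace C as an added example (not the kernel patch, which this page does not show). The names `demo_rqst`, `demo_rqst_len`, `demo_check_send_len` and `demo_run` are hypothetical, and the framing of a type byte followed by a 24-bit big-endian length is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/uio.h>

/* Hypothetical userspace stand-in for a send request (not the kernel struct). */
struct demo_rqst {
    struct iovec *iov;   /* iov[0] begins with the 4-byte RFC1002 header */
    size_t nvec;
    size_t npages, pagesz, tailsz; /* data pages; the last one holds tailsz bytes */
};

/* Assumed framing: type byte, then 24-bit big-endian count of bytes after the header. */
static uint32_t rfc1002_len(const unsigned char *h) {
    return ((uint32_t)h[1] << 16) | ((uint32_t)h[2] << 8) | h[3];
}

/* Bytes the request would actually put on the wire. */
static uint64_t demo_rqst_len(const struct demo_rqst *r) {
    uint64_t total = 0;
    for (size_t i = 0; i < r->nvec; i++)
        total += r->iov[i].iov_len;
    if (r->npages)
        total += (uint64_t)r->pagesz * (r->npages - 1) + r->tailsz;
    return total;
}

/* Refuse to send unless that byte count agrees with the frame header. */
int demo_check_send_len(const struct demo_rqst *r) {
    if (r->nvec == 0 || r->iov[0].iov_len < 4)
        return -EIO;
    if (demo_rqst_len(r) != (uint64_t)rfc1002_len(r->iov[0].iov_base) + 4)
        return -EIO;
    return 0;
}

/* Constructed sample: 64-byte iovec (4 header + 60 body) plus one data page.
 * The header claims 60 + 100 bytes, so only tailsz == 100 is consistent. */
int demo_run(size_t tailsz) {
    unsigned char buf[64] = { 0, 0, 0, 160 };
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
    struct demo_rqst r = { &iov, 1, 1, 4096, tailsz };
    return demo_check_send_len(&r);
}

int main(void) {
    printf("ok=%d bad=%d\n", demo_run(100), demo_run(UINT32_MAX - 15));
    return 0;
}
```

The second call models a request whose frame header is correct but whose tail size is close to 4GB, the kind of disagreement the commit message describes; the check rejects it before any data is sent.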