X-Patchwork-Submitter: Pavel Shilovsky
X-Patchwork-Id: 2825581
From: Pavel Shilovsky
To: linux-cifs@vger.kernel.org
Subject: [PATCH 1/8] CIFS: Fix lease context buffer parsing
Date: Wed, 10 Jul 2013 13:59:53 +0400
Message-Id: <1373450401-4135-2-git-send-email-pshilovsky@samba.org>
In-Reply-To: <1373450401-4135-1-git-send-email-pshilovsky@samba.org>

to prevent missing RqLs context if it's not the first one.

Signed-off-by: Pavel Shilovsky
--- fs/cifs/smb2pdu.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 2b312e4..19fafeb 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c
@@ -853,23 +853,24 @@ parse_lease_state(struct smb2_create_rsp *rsp) char *data_offset; struct create_lease *lc; bool found = false; + unsigned int next = 0; + char *name; - data_offset = (char *)rsp; - data_offset += 4 + le32_to_cpu(rsp->CreateContextsOffset); + data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset); lc = (struct create_lease *)data_offset; do { - char *name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc; + lc = (struct create_lease *)((char *)lc + next); + name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc; if (le16_to_cpu(lc->ccontext.NameLength) != 4 || strncmp(name, "RqLs", 4)) { - lc = (struct create_lease *)((char *)lc - + le32_to_cpu(lc->ccontext.Next)); + next = le32_to_cpu(lc->ccontext.Next); continue; } if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS) return SMB2_OPLOCK_LEVEL_NOCHANGE; found = true; break; - } while (le32_to_cpu(lc->ccontext.Next) != 0); + } while (next != 0); if (!found) return 0;
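Review bot: In the do/while loop of parse_lease_state(), `next` and `NameOffset` come straight from the server's response and are added to `lc` with no check that the result still lies inside the received buffer, so a malformed Next value makes the `lc->ccontext.NameOffset` read and the strncmp() on `name` run past the response. Since this patch already reworks the walk, consider tracking the remaining create-context length and ending the loop when `next`, `NameOffset + 4`, or the size of struct create_lease exceeds it, before `lc = (struct create_lease *)((char *)lc + next);` is dereferenced. A short comment noting that `continue` in a do/while jumps to the `while (next != 0)` test would also record why the pointer advance moved to the top of the loop.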