The 32-bit rfc1002 header field consists of a type byte and then a 24-bit length field, but get_rfc1002_length doesn't mask off the top byte.
In most cases, it's not a problem since the RFC1002_SESSION_MESSAGE type is '\0', but when doing a RFC1002 session establishment, the type is non-zero and that throws off the returned length in smb_send_rqst. Reported-by: [email protected] Tested-by: Sachin Prabhu <[email protected]> Signed-off-by: Jeff Layton <[email protected]> --- fs/cifs/cifsglob.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index e7fe49e..45376a4 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -506,7 +506,7 @@ struct cifs_mnt_data { static inline unsigned int get_rfc1002_length(void *buf) { - return be32_to_cpu(*((__be32 *)buf)); + return be32_to_cpu(*((__be32 *)buf)) & 0xffffff; } static inline void -- 1.8.5.3 -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
