summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaulo Alcantara <paulo@paulo.ac>2018-06-15 21:58:00 +0300
committerSteve French <stfrench@microsoft.com>2018-06-16 03:17:40 +0300
commit83ffdeadb46b61580c4c9a5319bd76d258a2963d (patch)
treea6118338b9763022fb49934c1d27bde6f9e97747
parent35e2cc1ba755cf9dbd042e308b2928c868767a98 (diff)
downloadlinux-83ffdeadb46b61580c4c9a5319bd76d258a2963d.tar.xz
cifs: Fix invalid check in __cifs_calc_signature()
The following check would never evaluate to true: > if (i == 0 && iov[0].iov_len <= 4) Because 'i' always starts at 1. This patch fixes it and also move the header checks outside the for loop - which makes more sense. Signed-off-by: Paulo Alcantara <palcantara@suse.de> Signed-off-by: Steve French <stfrench@microsoft.com>
-rw-r--r--fs/cifs/cifsencrypt.c15
1 files changed, 6 insertions, 9 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index f23ff848b158..ee2a8ec70056 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -48,26 +48,23 @@ int __cifs_calc_signature(struct smb_rqst *rqst,
/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
if (is_smb2) {
- rc = crypto_shash_update(shash,
- iov[0].iov_base, iov[0].iov_len);
+ if (iov[0].iov_len <= 4)
+ return -EIO;
+ i = 0;
} else {
if (n_vec < 2 || iov[0].iov_len != 4)
return -EIO;
+ i = 1; /* skip rfc1002 length */
}
- for (i = 1; i < n_vec; i++) {
+ for (; i < n_vec; i++) {
if (iov[i].iov_len == 0)
continue;
if (iov[i].iov_base == NULL) {
cifs_dbg(VFS, "null iovec entry\n");
return -EIO;
}
- if (is_smb2) {
- if (i == 0 && iov[0].iov_len <= 4)
- break; /* nothing to sign or corrupt header */
- } else
- if (i == 1 && iov[1].iov_len <= 4)
- break; /* nothing to sign or corrupt header */
+
rc = crypto_shash_update(shash,
iov[i].iov_base, iov[i].iov_len);
if (rc) {