Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83ffdead authored by Paulo Alcantara's avatar Paulo Alcantara Committed by Steve French
Browse files

cifs: Fix invalid check in __cifs_calc_signature() 



The following check would never evaluate to true:
  > if (i == 0 && iov[0].iov_len <= 4)

Because 'i' always starts at 1.

This patch fixes it and also move the header checks outside the for loop
- which makes more sense.

Signed-off-by: default avatarPaulo Alcantara <palcantara@suse.de>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent 35e2cc1b

fs/cifs/cifsencrypt.c

+6 −9
Original line number Diff line number Diff line
@@ -48,26 +48,23 @@ int __cifs_calc_signature(struct smb_rqst *rqst, 


	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */

	if (is_smb2) {

		rc = crypto_shash_update(shash,

					 iov[0].iov_base, iov[0].iov_len);

		if (iov[0].iov_len <= 4)

			return -EIO;

		i = 0;

	} else {

		if (n_vec < 2 || iov[0].iov_len != 4)

			return -EIO;

		i = 1; /* skip rfc1002 length */

	}



	for (i = 1; i < n_vec; i++) {

	for (; i < n_vec; i++) {

		if (iov[i].iov_len == 0)

			continue;

		if (iov[i].iov_base == NULL) {

			cifs_dbg(VFS, "null iovec entry\n");

			return -EIO;

		}

		if (is_smb2) {

			if (i == 0 && iov[0].iov_len <= 4)

				break; /* nothing to sign or corrupt header */

		} else

			if (i == 1 && iov[1].iov_len <= 4)

				break; /* nothing to sign or corrupt header */



		rc = crypto_shash_update(shash,

					 iov[i].iov_base, iov[i].iov_len);

		if (rc) {