Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83ffdead authored by Paulo Alcantara's avatar Paulo Alcantara Committed by Steve French
Browse files

cifs: Fix invalid check in __cifs_calc_signature()



The following check would never evaluate to true:
  > if (i == 0 && iov[0].iov_len <= 4)

Because 'i' always starts at 1.

This patch fixes it and also move the header checks outside the for loop
- which makes more sense.

Signed-off-by: default avatarPaulo Alcantara <palcantara@suse.de>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent 35e2cc1b
Loading
Loading
Loading
Loading
+6 −9
Original line number Diff line number Diff line
@@ -48,26 +48,23 @@ int __cifs_calc_signature(struct smb_rqst *rqst,

	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
	if (is_smb2) {
		rc = crypto_shash_update(shash,
					 iov[0].iov_base, iov[0].iov_len);
		if (iov[0].iov_len <= 4)
			return -EIO;
		i = 0;
	} else {
		if (n_vec < 2 || iov[0].iov_len != 4)
			return -EIO;
		i = 1; /* skip rfc1002 length */
	}

	for (i = 1; i < n_vec; i++) {
	for (; i < n_vec; i++) {
		if (iov[i].iov_len == 0)
			continue;
		if (iov[i].iov_base == NULL) {
			cifs_dbg(VFS, "null iovec entry\n");
			return -EIO;
		}
		if (is_smb2) {
			if (i == 0 && iov[0].iov_len <= 4)
				break; /* nothing to sign or corrupt header */
		} else
			if (i == 1 && iov[1].iov_len <= 4)
				break; /* nothing to sign or corrupt header */

		rc = crypto_shash_update(shash,
					 iov[i].iov_base, iov[i].iov_len);
		if (rc) {