Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

cifs: Fix invalid check in __cifs_calc_signature()

The following check would never evaluate to true:
  > if (i == 0 && iov[0].iov_len <= 4)

Because 'i' always starts at 1.

This patch fixes it and also move the header checks outside the for loop
- which makes more sense.

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Paulo Alcantara 7 years ago
parent
35e2cc1ba7
commit
83ffdeadb4
1 changed files with 6 additions and 9 deletions
Split View Show Diff Stats
  1. 6 9
      fs/cifs/cifsencrypt.c

+ 6 - 9
fs/cifs/cifsencrypt.c
View File 

@@ -48,26 +48,23 @@ int __cifs_calc_signature(struct smb_rqst *rqst,
 
 
 	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
 
 	if (is_smb2) {
 
-		rc = crypto_shash_update(shash,
 
-					 iov[0].iov_base, iov[0].iov_len);
 
+		if (iov[0].iov_len <= 4)
 
+			return -EIO;
 
+		i = 0;
 
 	} else {
 
 		if (n_vec < 2 || iov[0].iov_len != 4)
 
 			return -EIO;
 
+		i = 1; /* skip rfc1002 length */
 
 	}
 
 
-	for (i = 1; i < n_vec; i++) {
 
+	for (; i < n_vec; i++) {
 
 		if (iov[i].iov_len == 0)
 
 			continue;
 
 		if (iov[i].iov_base == NULL) {
 
 			cifs_dbg(VFS, "null iovec entry\n");
 
 			return -EIO;
 
 		}
 
-		if (is_smb2) {
 
-			if (i == 0 && iov[0].iov_len <= 4)
 
-				break; /* nothing to sign or corrupt header */
 
-		} else
 
-			if (i == 1 && iov[1].iov_len <= 4)
 
-				break; /* nothing to sign or corrupt header */
 
+
 
 		rc = crypto_shash_update(shash,
 
 					 iov[i].iov_base, iov[i].iov_len);
 
 		if (rc) {