From 16541ba11c4f04ffe94b073e301f00b749fb84a1 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 29 Apr 2011 06:52:44 -0400 Subject: cifs: handle errors from coalesce_t2 cifs_demultiplex_thread calls coalesce_t2 to try and merge follow-on t2 responses into the original mid buffer. coalesce_t2 however can return errors, but the caller doesn't handle that situation properly. Fix the thread to treat such a case as it would a malformed packet. Mark the mid as being malformed and issue the callback. Cc: stable@kernel.org Acked-by: David Howells Signed-off-by: Jeff Layton Signed-off-by: Steve French --- fs/cifs/connect.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index bfbf323..05f1dcf 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -630,12 +630,16 @@ incomplete_rcv: isMultiRsp = true; if (mid_entry->resp_buf) { /* merge response - fix up 1st*/ - if (coalesce_t2(smb_buffer, - mid_entry->resp_buf)) { + length = coalesce_t2(smb_buffer, + mid_entry->resp_buf); + if (length > 0) { + length = 0; mid_entry->multiRsp = true; break; } else { - /* all parts received */ + /* all parts received or + * packet is malformed + */ mid_entry->multiEnd = true; goto multi_t2_fnd; } -- cgit v1.1