diff mbox

cifs: Fix invalid check in __cifs_calc_signature()

Message ID 20180615185800.6031-1-paulo@paulo.ac (mailing list archive)
State New, archived
Headers show

Commit Message

Paulo Alcantara (SUSE) June 15, 2018, 6:58 p.m. UTC 
The following check would never evaluate to true:
  > if (i == 0 && iov[0].iov_len <= 4)

Because 'i' always starts at 1.

This patch fixes it and also move the header checks outside the for loop
- which makes more sense.

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
---
 fs/cifs/cifsencrypt.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff mbox

Patch

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index f23ff848b158..ee2a8ec70056 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -48,26 +48,23 @@  int __cifs_calc_signature(struct smb_rqst *rqst,
 
 	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
 	if (is_smb2) {
-		rc = crypto_shash_update(shash,
-					 iov[0].iov_base, iov[0].iov_len);
+		if (iov[0].iov_len <= 4)
+			return -EIO;
+		i = 0;
 	} else {
 		if (n_vec < 2 || iov[0].iov_len != 4)
 			return -EIO;
+		i = 1; /* skip rfc1002 length */
 	}
 
-	for (i = 1; i < n_vec; i++) {
+	for (; i < n_vec; i++) {
 		if (iov[i].iov_len == 0)
 			continue;
 		if (iov[i].iov_base == NULL) {
 			cifs_dbg(VFS, "null iovec entry\n");
 			return -EIO;
 		}
-		if (is_smb2) {
-			if (i == 0 && iov[0].iov_len <= 4)
-				break; /* nothing to sign or corrupt header */
-		} else
-			if (i == 1 && iov[1].iov_len <= 4)
-				break; /* nothing to sign or corrupt header */
+
 		rc = crypto_shash_update(shash,
 					 iov[i].iov_base, iov[i].iov_len);
 		if (rc) {