From patchwork Thu Jan 27 12:45:05 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 511991
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id p0RChWsw009578 for ; Thu, 27 Jan 2011 12:45:11 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752725Ab1A0MpL (ORCPT ); Thu, 27 Jan 2011 07:45:11 -0500
Received: from mail-yi0-f46.google.com ([209.85.218.46]:47333 "EHLO mail-yi0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750921Ab1A0MpL (ORCPT ); Thu, 27 Jan 2011 07:45:11 -0500
Received: by yib18 with SMTP id 18so551744yib.19 for ; Thu, 27 Jan 2011 04:45:09 -0800 (PST)
Received: by 10.100.95.10 with SMTP id s10mr584866anb.5.1296132309808; Thu, 27 Jan 2011 04:45:09 -0800 (PST)
Received: from salusa.poochiereds.net (cpe-071-070-153-003.nc.res.rr.com [71.70.153.3]) by mx.google.com with ESMTPS id w6sm562739anf.26.2011.01.27.04.45.08 (version=SSLv3 cipher=RC4-MD5); Thu, 27 Jan 2011 04:45:08 -0800 (PST)
From: Jeff Layton
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org
Subject: [PATCH] cifs: fix length checks in checkSMB
Date: Thu, 27 Jan 2011 07:45:05 -0500
Message-Id: <1296132305-21872-1-git-send-email-jlayton@redhat.com>
X-Mailer: git-send-email 1.7.3.4
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-cifs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Thu, 27 Jan 2011 12:45:35 +0000 (UTC)

diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 72e99ec..959d629 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -467,23 +467,10 @@ checkSMB(struct smb_hdr *smb, __u16 mid, unsigned int length) if (((4 + len) & 0xFFFF) == (clc_len & 0xFFFF)) return 0; /* bcc wrapped */ } - cFYI(1, "Calculated size %d vs length %d mismatch for mid %d", + cFYI(1, "Calculated size %u vs length %u mismatch for mid=%u", clc_len, 4 + len, smb->Mid); - /* Windows XP can return a few bytes too much, presumably - an illegal pad, at the end of byte range lock responses - so we allow for that three byte pad, as long as actual - received length is as long or longer than calculated length */ - /* We have now had to extend this more, since there is a - case in which it needs to be bigger still to handle a - malformed response to transact2 findfirst from WinXP when - access denied is returned and thus bcc and wct are zero - but server says length is 0x21 bytes too long as if the server - forget to reset the smb rfc1001 length when it reset the - wct and bcc to minimum size and drop the t2 parms and data */ - if ((4+len > clc_len) && (len <= clc_len + 512)) - return 0; - else { - cERROR(1, "RFC1001 size %d bigger than SMB for Mid=%d", + if (4+len < clc_len) { + cERROR(1, "RFC1001 size %d smaller than SMB for mid=%u", len, smb->Mid); return 1; }
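Review bot: the replacement check `if (4+len < clc_len)` silently drops the upper bound of the old test `(4+len > clc_len) && (len <= clc_len + 512)`, so an RFC1001 length that exceeds the calculated SMB size by any amount, not just up to 512 bytes, now passes checkSMB with only a cFYI. That may well be the intended relaxation (the bytes were already received, and only the shorter-than-calculated case can lead to reading past the SMB), but the policy change should be stated explicitly: the deleted comment block was the only record of why oversize frames are tolerated, and nothing replaces it, so please keep a one or two line comment above the new `if` saying that a longer RFC1001 frame is accepted while a shorter one is rejected, and mention the dropped 512-byte cap in the changelog. Separately, the cERROR line keeps `%d` for `len` while the cFYI two lines above was just changed to `%u` for the same value; use `%u` in both for consistency.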