cifs: handle errors from coalesce_t2

cifs_demultiplex_thread calls coalesce_t2 to try and merge follow-on t2
responses into the original mid buffer. coalesce_t2 however can return
errors, but the caller doesn't handle that situation properly. Fix the
thread to treat such a case as it would a malformed packet. Mark the
mid as being malformed and issue the callback.

Cc: stable@kernel.org
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index bfbf3235a69bda810cd7ba923f9a6ce66788e81e..05f1dcf7d79ae023e2b1aae9b2c358784025c1ef 100644 (file)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -630,12 +630,16 @@ incomplete_rcv:
                                isMultiRsp = true;
                                if (mid_entry->resp_buf) {
                                        /* merge response - fix up 1st*/
-                                       if (coalesce_t2(smb_buffer,
-                                                       mid_entry->resp_buf)) {
+                                       length = coalesce_t2(smb_buffer,
+                                                       mid_entry->resp_buf);
+                                       if (length > 0) {
+                                               length = 0;
                                                mid_entry->multiRsp = true;
                                                break;
                                        } else {
-                                               /* all parts received */
+                                               /* all parts received or
+                                                * packet is malformed
+                                                */
                                                mid_entry->multiEnd = true;
                                                goto multi_t2_fnd;
                                        }