CIFS: Fix lease context buffer parsing
authorPavel Shilovsky <pshilovsky@samba.org>
Tue, 9 Jul 2013 15:44:56 +0000 (19:44 +0400)
committerSteve French <smfrench@gmail.com>
Wed, 10 Jul 2013 18:08:39 +0000 (13:08 -0500)
To prevent missing the RqLs context when it is not the first one.

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
fs/cifs/smb2pdu.c

index 2b312e4eeaa6c281192c622bc3d54e0327077626..19fafeb767fa2116b7f085ebcfb80d043171fd95 100644 (file)
@@ -853,23 +853,24 @@ parse_lease_state(struct smb2_create_rsp *rsp)
        char *data_offset;
        struct create_lease *lc;
        bool found = false;
+       unsigned int next = 0;
+       char *name;
 
-       data_offset = (char *)rsp;
-       data_offset += 4 + le32_to_cpu(rsp->CreateContextsOffset);
+       data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset);
        lc = (struct create_lease *)data_offset;
        do {
-               char *name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc;
+               lc = (struct create_lease *)((char *)lc + next);
+               name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc;
                if (le16_to_cpu(lc->ccontext.NameLength) != 4 ||
                    strncmp(name, "RqLs", 4)) {
-                       lc = (struct create_lease *)((char *)lc
-                                       + le32_to_cpu(lc->ccontext.Next));
+                       next = le32_to_cpu(lc->ccontext.Next);
                        continue;
                }
                if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS)
                        return SMB2_OPLOCK_LEVEL_NOCHANGE;
                found = true;
                break;
-       } while (le32_to_cpu(lc->ccontext.Next) != 0);
+       } while (next != 0);
 
        if (!found)
                return 0;
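Review bot: The walk over the create contexts still trusts every length field that comes from the server: `next` (line `next = le32_to_cpu(lc->ccontext.Next);`), `NameOffset` used to compute `name`, and the implicit assumption that a context is large enough to hold `lcontext.LeaseFlags`, none of which is compared against the end of the response buffer, so a short or malformed reply can make `lc` and `name` point past the packet. A bounds check before each dereference would close this, for example computing `end` once from the response length (the RFC1002 length helper, e.g. `get_rfc1002_length(rsp)`, if that is the right accessor here) and then `if ((char *)lc + next + sizeof(lc->ccontext) > end) return 0;` at the top of the loop, with a similar check that `name + 4` and the lease context fit before they are read. A `next` value smaller than the context header would also be worth rejecting, since it only moves the cursor by a few bytes and then re-reads overlapping data as a new header. parse_lease_state's signature and the rest of its body are outside this hunk, so the right place to derive the buffer end may be further up.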