diff mbox

[Trusty,SRU,1/1] cifs: mask off top byte in get_rfc1002_length()

Message ID 5c5173919a13801a320fe8b8c4e12f2a647c9009.1412095617.git.joseph.salisbury@canonical.com
State New
Headers show

Commit Message

Joseph Salisbury Sept. 30, 2014, 6:10 p.m. UTC 
From: Jeff Layton <jlayton@redhat.com>

BugLink: http://bugs.launchpad.net/bugs/1372482

The rfc1002 length actually includes a type byte, which we aren't
masking off. In most cases, it's not a problem since the
RFC1002_SESSION_MESSAGE type is 0, but when doing a RFC1002 session
establishment, the type is non-zero and that throws off the returned
length.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
(cherry picked from commit dca1c8d17a2feae056f9e334ea75a462ae4cb52a)
Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
---
 fs/cifs/cifsglob.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Tim Gardner Sept. 30, 2014, 6:27 p.m. UTC | #1
Seth Forshee Sept. 30, 2014, 6:32 p.m. UTC | #2
diff mbox

Patch

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index dce9208..727dec2 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -508,7 +508,7 @@  struct cifs_mnt_data {
 static inline unsigned int
 get_rfc1002_length(void *buf)
 {
-	return be32_to_cpu(*((__be32 *)buf));
+	return be32_to_cpu(*((__be32 *)buf)) & 0xffffff;
 }
 
 static inline void