Commit fd554396 authored by Pavel Shilovsky's avatar Pavel Shilovsky Committed by Steve French

CIFS: Fix lease context buffer parsing

to prevent missing RqLs context if it's not the first one.
Signed-off-by: default avatarPavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: default avatarSteven French <steven@steven-GA-970A-DS3.(none)>
parent 6658b9f7
...@@ -853,23 +853,24 @@ parse_lease_state(struct smb2_create_rsp *rsp) ...@@ -853,23 +853,24 @@ parse_lease_state(struct smb2_create_rsp *rsp)
char *data_offset; char *data_offset;
struct create_lease *lc; struct create_lease *lc;
bool found = false; bool found = false;
unsigned int next = 0;
char *name;
data_offset = (char *)rsp; data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset);
data_offset += 4 + le32_to_cpu(rsp->CreateContextsOffset);
lc = (struct create_lease *)data_offset; lc = (struct create_lease *)data_offset;
do { do {
char *name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc; lc = (struct create_lease *)((char *)lc + next);
name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc;
if (le16_to_cpu(lc->ccontext.NameLength) != 4 || if (le16_to_cpu(lc->ccontext.NameLength) != 4 ||
strncmp(name, "RqLs", 4)) { strncmp(name, "RqLs", 4)) {
lc = (struct create_lease *)((char *)lc next = le32_to_cpu(lc->ccontext.Next);
+ le32_to_cpu(lc->ccontext.Next));
continue; continue;
} }
if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS) if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS)
return SMB2_OPLOCK_LEVEL_NOCHANGE; return SMB2_OPLOCK_LEVEL_NOCHANGE;
found = true; found = true;
break; break;
} while (le32_to_cpu(lc->ccontext.Next) != 0); } while (next != 0);
if (!found) if (!found)
return 0; return 0;
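Review bot: The new walk over the create contexts trusts every offset it reads from the server response: `next` (from `ccontext.Next`), `ccontext.NameOffset` and `ccontext.NameLength` are used to form pointers and to read `lc->ccontext`, `name[0..3]` and `lc->lcontext.LeaseFlags` with no comparison against the end of the received data, so a malformed or hostile SMB2 CREATE response can drive the loop to read out of bounds (and a large `Next` can wrap the pointer before it is compared). Each step should be bounded against the end of the context region before the dereference; the SMB2 CREATE response carries a context length alongside `CreateContextsOffset` (presumably `rsp->CreateContextsLength` in this struct — confirm the field name), and since that length is itself server-supplied it should already be constrained by the message-length validation done when the response is received, which I cannot see from here. Returning 0 on a truncated region mirrors the existing "not found" path on the last line, though whether callers treat 0 as "no lease" or as an error is outside the hunk. The `lcontext` read on a match additionally needs `sizeof(*lc)` to fit, not just the header. parse_lease_state begins before this hunk and its body continues past it.
```c
	char *end = data_offset + le32_to_cpu(rsp->CreateContextsLength);
	lc = (struct create_lease *)data_offset;
	do {
		/* compare before adding so a huge Next cannot wrap the pointer */
		if (next > (size_t)(end - (char *)lc))
			return 0;
		lc = (struct create_lease *)((char *)lc + next);
		if (sizeof(lc->ccontext) > (size_t)(end - (char *)lc))
			return 0;
		if (le16_to_cpu(lc->ccontext.NameOffset) + 4 > (size_t)(end - (char *)lc))
			return 0;
		name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc;
		/* … unchanged: "RqLs" name match, next = Next, continue … */
		if (sizeof(*lc) > (size_t)(end - (char *)lc))
			return 0;
		/* … unchanged: LeaseFlags break-in-progress test, found = true … */
	} while (next != 0);
```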
......