CIFS: Fix lease context buffer parsing

to prevent missing RqLs context if it's not the first one. Signed-off-by: Pavel Shilovsky <[email protected]> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
AnTAVR · Jul 10, 2013 · fd55439 · fd55439
1 parent 6658b9f
commit fd55439
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
@@ -853,23 +853,24 @@ parse_lease_state(struct smb2_create_rsp *rsp)
 	char *data_offset;
 	struct create_lease *lc;
 	bool found = false;
+	unsigned int next = 0;
+	char *name;
 
-	data_offset = (char *)rsp;
-	data_offset += 4 + le32_to_cpu(rsp->CreateContextsOffset);
+	data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset);
 	lc = (struct create_lease *)data_offset;
 	do {
-		char *name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc;
+		lc = (struct create_lease *)((char *)lc + next);
+		name = le16_to_cpu(lc->ccontext.NameOffset) + (char *)lc;
 		if (le16_to_cpu(lc->ccontext.NameLength) != 4 ||
 		    strncmp(name, "RqLs", 4)) {
-			lc = (struct create_lease *)((char *)lc
-					+ le32_to_cpu(lc->ccontext.Next));
+			next = le32_to_cpu(lc->ccontext.Next);
 			continue;
 		}
 		if (lc->lcontext.LeaseFlags & SMB2_LEASE_FLAG_BREAK_IN_PROGRESS)
 			return SMB2_OPLOCK_LEVEL_NOCHANGE;
 		found = true;
 		break;
-	} while (le32_to_cpu(lc->ccontext.Next) != 0);
+	} while (next != 0);
 
 	if (!found)
 		return 0;