[Trusty][SRU][PATCH 1/1] cifs: mask off top byte in get_rfc1002_length()

Joseph Salisbury joseph.salisbury at canonical.com
Tue Sep 30 18:10:36 UTC 2014

From: Jeff Layton <jlayton at redhat.com>

BugLink: http://bugs.launchpad.net/bugs/1372482

The rfc1002 length actually includes a type byte, which we aren't
masking off. In most cases, it's not a problem since the
RFC1002_SESSION_MESSAGE type is 0, but when doing a RFC1002 session
establishment, the type is non-zero and that throws off the returned

Signed-off-by: Jeff Layton <jlayton at redhat.com>
Tested-by: Sachin Prabhu <sprabhu at redhat.com>
Signed-off-by: Steve French <smfrench at gmail.com>
(cherry picked from commit dca1c8d17a2feae056f9e334ea75a462ae4cb52a)
Signed-off-by: Joseph Salisbury <joseph.salisbury at canonical.com>
 fs/cifs/cifsglob.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index dce9208..727dec2 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -508,7 +508,7 @@ struct cifs_mnt_data {
 static inline unsigned int
 get_rfc1002_length(void *buf)
-	return be32_to_cpu(*((__be32 *)buf));
+	return be32_to_cpu(*((__be32 *)buf)) & 0xffffff;
 static inline void

More information about the kernel-team mailing list