Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/CHANGES3
-rw-r--r--fs/cifs/connect.c6
2 files changed, 7 insertions, 2 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index 70c90c07edf1..2459ef0a1396 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -10,7 +10,8 @@ opened, read and written as if they were files). When 1st tree
connect fails (e.g. due to signing negotiation failure) fix
leak that causes cifsd not to stop and rmmod to fail to cleanup
cifs_request_buffers pool. Fix problem with POSIX Open/Mkdir on
-bigendian architectures.
+bigendian architectures. Fix possible memory corruption when
+EAGAIN returned on kern_recvmsg.
Version 1.50
------------
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 494455ed4352..676bbf2bb56d 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -415,7 +415,10 @@ incomplete_rcv:
msleep(1); /* minimum sleep to prevent looping
allowing socket to clear and app threads to set
tcpStatus CifsNeedReconnect if server hung */
- continue;
+ if (pdu_length < 4)
+ goto incomplete_rcv;
+ else
+ continue;
} else if (length <= 0) {
if (server->tcpStatus == CifsNew) {
cFYI(1, ("tcp session abend after SMBnegprot"));
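Review bot: The added `if (pdu_length < 4)` test in the -ERESTARTSYS/-EAGAIN branch has no comment and uses a bare literal 4, so the reason for the fix is not recorded where it is made. Judging from the hunk, a value below 4 means part of the 4-byte frame length header (presumably the RFC 1001 header) was already received, and a plain `continue` would restart the outer loop and abandon those bytes; a comment such as `/* partial length header already read: resume at incomplete_rcv rather than restarting the frame */` would say so. The `else` after `goto` is redundant, so `if (pdu_length < 4) goto incomplete_rcv;` followed by an unconditional `continue;` is simpler. The retry has no bound of its own and depends on the stop and reconnect checks after the `incomplete_rcv` label, which lie outside this hunk, so confirm they run on every pass when a server stalls mid-header.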
@@ -543,6 +546,7 @@ incomplete_rcv:
allowing socket to clear and app
threads to set tcpStatus
CifsNeedReconnect if server hung*/
+ length = 0;
continue;
} else if (length <= 0) {
cERROR(1, ("Received no data, expecting %d",
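Review bot: The added `length = 0;` before `continue` has no comment explaining why it is needed, and the reason lies outside the hunk. Presumably the enclosing loop's increment adds `length` to a running byte count, so continuing with a negative errno still in `length` would move that count backwards and misplace the next receive, which matches the memory corruption named in the CHANGES entry. A comment such as `/* continue runs the loop increment: do not add -EAGAIN to the byte count */` would keep a later cleanup from removing the line as dead code. The loop header is not visible here, so check that reading against it.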