]> rtime.felk.cvut.cz Git - linux-imx.git/commitdiff
projects / linux-imx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ea702b8)
cifs: adjust sequence number downward after signing NT_CANCEL request
authorJeff Layton <jlayton@redhat.com>
Thu, 27 Dec 2012 13:05:03 +0000 (08:05 -0500)
committerSteve French <smfrench@gmail.com>
Sun, 30 Dec 2012 17:43:51 +0000 (11:43 -0600)
When a call goes out, the signing code adjusts the sequence number
upward by two to account for the request and the response. An NT_CANCEL
however doesn't get a response of its own, it just hurries the server
along to get it to respond to the original request more quickly.
Therefore, we must adjust the sequence number back down by one after
signing a NT_CANCEL request.

Cc: <stable@vger.kernel.org>
Reported-by: Tim Perry <tdparmor-sambabugs@yahoo.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
fs/cifs/smb1ops.c patch | blob | history

diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
index a5d234c8d5d9295f41e947188ba020da68ec33dd..dd79056c058142184b9c1f393c2f686070d75b29 100644 (file)
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -53,6 +53,13 @@ send_nt_cancel(struct TCP_Server_Info *server, void *buf,
                mutex_unlock(&server->srv_mutex);
                return rc;
        }
+
+       /*
+        * The response to this call was already factored into the sequence
+        * number when the call went out, so we must adjust it back downward
+        * after signing here.
+        */
+       --server->sequence_number;
        rc = smb_send(server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
        mutex_unlock(&server->srv_mutex);
 
Local Linux development repo for Freescale iMX