summaryrefslogtreecommitdiff
path: root/fs/cifs
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2012-12-27 08:05:03 -0500
committerSteve French <smfrench@gmail.com>2012-12-30 11:43:51 -0600
commit31efee60f489c759c341454d755a9fd13de8c03d (patch)
tree5cfe2dcce401fc01717d84cddc956ab138585f94 /fs/cifs
parentea702b80e0bbb2448e201472127288beb82ca2fe (diff)
downloadlinux-3.10-31efee60f489c759c341454d755a9fd13de8c03d.tar.gz
linux-3.10-31efee60f489c759c341454d755a9fd13de8c03d.tar.bz2
linux-3.10-31efee60f489c759c341454d755a9fd13de8c03d.zip
cifs: adjust sequence number downward after signing NT_CANCEL request
When a call goes out, the signing code adjusts the sequence number upward by two to account for the request and the response. An NT_CANCEL however doesn't get a response of its own, it just hurries the server along to get it to respond to the original request more quickly. Therefore, we must adjust the sequence number back down by one after signing a NT_CANCEL request. Cc: <stable@vger.kernel.org> Reported-by: Tim Perry <tdparmor-sambabugs@yahoo.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/smb1ops.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
index a5d234c8d5d..dd79056c058 100644
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -53,6 +53,13 @@ send_nt_cancel(struct TCP_Server_Info *server, void *buf,
mutex_unlock(&server->srv_mutex);
return rc;
}
+
+ /*
+ * The response to this call was already factored into the sequence
+ * number when the call went out, so we must adjust it back downward
+ * after signing here.
+ */
+ --server->sequence_number;
rc = smb_send(server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
mutex_unlock(&server->srv_mutex);