CIFS: Fix possible freed pointer dereference in CIFS_SessSetup

Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>

CIFS: Fix possible freed pointer dereference in CIFS_SessSetup
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
Pavel Shilovsky · Steve French
1 parent 4ca3a99ca4
Showing 1 changed file with 2 additions and 1 deletions Side-by-side Diff
fs/cifs/sess.c
@@ -876,7 +876,8 @@
 	pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base;
 	smb_buf = (struct smb_hdr *)iov[0].iov_base;
  
-	if ((type == RawNTLMSSP) && (smb_buf->Status.CifsError ==
+	if ((type == RawNTLMSSP) && (resp_buf_type != CIFS_NO_BUFFER) &&
+	    (smb_buf->Status.CifsError ==
 			cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))) {
 		if (phase != NtLmNegotiate) {
 			cERROR(1, "Unexpected more processing error");
...	...	@@ -876,7 +876,8 @@
876	876	pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base;
877	877	smb_buf = (struct smb_hdr *)iov[0].iov_base;
878	878
879		- if ((type == RawNTLMSSP) && (smb_buf->Status.CifsError ==
	879	+ if ((type == RawNTLMSSP) && (resp_buf_type != CIFS_NO_BUFFER) &&
	880	+ (smb_buf->Status.CifsError ==
880	881	cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))) {
881	882	if (phase != NtLmNegotiate) {
882	883	cERROR(1, "Unexpected more processing error");