fs/cifs: fix parsing of dfs referrals

The problem was that the first referral was parsed more than once and so the caller tried the same referrals multiple times. The problem was introduced partly by commit 066ce689, where 'ref += le16_to_cpu(ref->Size);' got lost, but that was also wrong... Cc: <stable@vger.kernel.org> Signed-off-by: N Stefan Metzmacher <metze@samba.org> Tested-by: N Björn Jacke <bj@sernet.de> Reviewed-by: N Jeff Layton <jlayton@redhat.com> Signed-off-by: N Steve French <sfrench@us.ibm.com>

fs/cifs: fix parsing of dfs referrals
The problem was that the first referral was parsed more than once and so the caller tried the same referrals multiple times. The problem was introduced partly by commit 066ce689, where 'ref += le16_to_cpu(ref->Size);' got lost, but that was also wrong... Cc: <stable@vger.kernel.org> Signed-off-by: N Stefan Metzmacher <metze@samba.org> Tested-by: N Björn Jacke <bj@sernet.de> Reviewed-by: N Jeff Layton <jlayton@redhat.com> Signed-off-by: N Steve French <sfrench@us.ibm.com>
d8f2799b · Stefan Metzmacher · Steve French · a557b976 · d8f2799b
隐藏空白更改
内联并排

Showing with 5 addition and 1 deletion

fs/cifs/cifssmb.c fs/cifs/cifssmb.c +5 -1

未找到文件。
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -4844,8 +4844,12 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
 		max_len = data_end - temp;
 		node->node_name = cifs_strndup_from_utf16(temp, max_len,
 						is_unicode, nls_codepage);
-		if (!node->node_name)
+		if (!node->node_name) {
 			rc = -ENOMEM;
+			goto parse_DFS_referrals_exit;
+		}
+
+		ref++;
 	}

 parse_DFS_referrals_exit: