| From 31efee60f489c759c341454d755a9fd13de8c03d Mon Sep 17 00:00:00 2001 |
| From: Jeff Layton <jlayton@redhat.com> |
| Date: Thu, 27 Dec 2012 08:05:03 -0500 |
| Subject: cifs: adjust sequence number downward after signing NT_CANCEL request |
| |
| From: Jeff Layton <jlayton@redhat.com> |
| |
| commit 31efee60f489c759c341454d755a9fd13de8c03d upstream. |
| |
| When a call goes out, the signing code adjusts the sequence number |
| upward by two to account for the request and the response. An NT_CANCEL |
| however doesn't get a response of its own, it just hurries the server |
| along to get it to respond to the original request more quickly. |
| Therefore, we must adjust the sequence number back down by one after |
| signing a NT_CANCEL request. |
| |
| Reported-by: Tim Perry <tdparmor-sambabugs@yahoo.com> |
| Signed-off-by: Jeff Layton <jlayton@redhat.com> |
| Signed-off-by: Steve French <smfrench@gmail.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/cifs/smb1ops.c | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| --- a/fs/cifs/smb1ops.c |
| +++ b/fs/cifs/smb1ops.c |
| @@ -53,6 +53,13 @@ send_nt_cancel(struct TCP_Server_Info *s |
| mutex_unlock(&server->srv_mutex); |
| return rc; |
| } |
| + |
| + /* |
| + * The response to this call was already factored into the sequence |
| + * number when the call went out, so we must adjust it back downward |
| + * after signing here. |
| + */ |
| + --server->sequence_number; |
| rc = smb_send(server, in_buf, be32_to_cpu(in_buf->smb_buf_length)); |
| mutex_unlock(&server->srv_mutex); |
| |