From: Paulo Alcantara <paulo@paulo.ac>
Date: Fri, 15 Jun 2018 15:58:00 -0300
Subject: [PATCH] cifs: Fix invalid check in __cifs_calc_signature()
Git-commit: 83ffdeadb46b61580c4c9a5319bd76d258a2963d
Patch-mainline: v4.18-rc1
References: bsc#1144333

The following check would never evaluate to true:
  > if (i == 0 && iov[0].iov_len <= 4)

Because 'i' always starts at 1.

This patch fixes it and also moves the header checks outside the for loop
- which makes more sense.

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Acked-by: Aurelien Aptel <aaptel@suse.com>
---
 fs/cifs/cifsencrypt.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index f23ff848b158..ee2a8ec70056 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -48,26 +48,23 @@ int __cifs_calc_signature(struct smb_rqst *rqst,
 
 	/* iov[0] is actual data and not the rfc1002 length for SMB2+ */
 	if (is_smb2) {
-		rc = crypto_shash_update(shash,
-					 iov[0].iov_base, iov[0].iov_len);
+		if (iov[0].iov_len <= 4)
+			return -EIO;
+		i = 0;
 	} else {
 		if (n_vec < 2 || iov[0].iov_len != 4)
 			return -EIO;
+		i = 1; /* skip rfc1002 length */
 	}
 
-	for (i = 1; i < n_vec; i++) {
+	for (; i < n_vec; i++) {
 		if (iov[i].iov_len == 0)
 			continue;
 		if (iov[i].iov_base == NULL) {
 			cifs_dbg(VFS, "null iovec entry\n");
 			return -EIO;
 		}
-		if (is_smb2) {
-			if (i == 0 && iov[0].iov_len <= 4)
-				break; /* nothing to sign or corrupt header */
-		} else
-			if (i == 1 && iov[1].iov_len <= 4)
-				break; /* nothing to sign or corrupt header */
+
 		rc = crypto_shash_update(shash,
 					 iov[i].iov_base, iov[i].iov_len);
 		if (rc) {
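Review bot: The SMB2+ branch reads `iov[0].iov_len` without first checking `n_vec`, while the SMB1 branch directly below rejects `n_vec < 2` before touching `iov[0]`; if a caller can ever pass an empty vector, this is an out-of-bounds read ahead of the signature computation. Writing the guard as `if (n_vec < 1 || iov[0].iov_len <= 4)` would make the two branches symmetric; whether callers already guarantee a non-empty vector is not visible from this hunk. Separately, the old SMB1 test on `iov[1].iov_len <= 4` is removed from the loop and not re-added in the `else` branch, so a short SMB1 header is now fed to `crypto_shash_update()` instead of ending the loop; if that is intentional, the commit message should say so. The body of `__cifs_calc_signature()` starts and ends outside the hunk.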
-- 
2.16.4