cifs: fix bad buffer length check in coalesce_t2

[pandora-kernel.git] / fs / cifs / connect.c

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 8cd4b52..27c4f25 100644 (file)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -282,7 +282,7 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
        byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
        byte_count += total_in_buf2;
        /* don't allow buffer to overflow */
-       if (byte_count > CIFSMaxBufSize)
+       if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)
                return -ENOBUFS;
        pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);