cifs: fix bad buffer length check in coalesce_t2

[pandora-kernel.git] / fs / cifs / connect.c

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index d6a972d..27c4f25 100644 (file)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -282,7 +282,7 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
        byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
        byte_count += total_in_buf2;
        /* don't allow buffer to overflow */
-       if (byte_count > CIFSMaxBufSize)
+       if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)
                return -ENOBUFS;
        pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
 
@@ -441,6 +441,8 @@ cifs_readv_from_socket(struct TCP_Server_Info *server, struct kvec *iov_orig,
        smb_msg.msg_controllen = 0;
 
        for (total_read = 0; to_read; total_read += length, to_read -= length) {
+               try_to_freeze();
+
                if (server_unresponsive(server)) {
                        total_read = -EAGAIN;
                        break;