smb: client: allow parsing zero-length AV pairs
authorPaulo Alcantara <pc@manguebit.org>
Fri, 25 Jul 2025 03:04:43 +0000 (00:04 -0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 15 Aug 2025 14:39:12 +0000 (16:39 +0200)
[ Upstream commit be77ab6b9fbe348daf3c2d3ee40f23ca5110a339 ]

Zero-length AV pairs should be considered as valid target infos.
Don't skip the next AV pairs that follow them.

Cc: linux-cifs@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Fixes: 0e8ae9b953bc ("smb: client: parse av pair type 4 in CHALLENGE_MESSAGE")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/smb/client/cifsencrypt.c

index 35892df7335c750e9f3a1a495996714f189e83f1..6be850d2a346772bb252bbf9e3bdbb37d0486486 100644 (file)
@@ -343,7 +343,7 @@ static struct ntlmssp2_name *find_next_av(struct cifs_ses *ses,
        len = AV_LEN(av);
        if (AV_TYPE(av) == NTLMSSP_AV_EOL)
                return NULL;
-       if (!len || (u8 *)av + sizeof(*av) + len > end)
+       if ((u8 *)av + sizeof(*av) + len > end)
                return NULL;
        return av;
 }
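Review bot: The bound test on the changed line builds `(u8 *)av + sizeof(*av) + len` before comparing it with `end`, so a large length field can produce a pointer past the buffer before the comparison rejects it. The AV pairs appear to come from the server's CHALLENGE_MESSAGE, so `len` should be treated as untrusted. Comparing sizes keeps the arithmetic in range: `if (len > (size_t)(end - (u8 *)av) - sizeof(*av)) return NULL;`. That form relies on an earlier check that the header itself fits before `end`; find_next_av starts outside this hunk, so confirm that check exists. With `!len` gone, a comment such as `/* zero-length values are valid; only EOL or an overrun ends the walk */` would record why an empty entry no longer stops parsing.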
@@ -363,7 +363,7 @@ static int find_av_name(struct cifs_ses *ses, u16 type, char **name, u16 maxlen)
 
        av_for_each_entry(ses, av) {
                len = AV_LEN(av);
-               if (AV_TYPE(av) != type)
+               if (AV_TYPE(av) != type || !len)
                        continue;
                if (!IS_ALIGNED(len, sizeof(__le16))) {
                        cifs_dbg(VFS | ONCE, "%s: bad length(%u) for type %u\n",
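Review bot: The `!len` test folded into the type comparison on the changed line has no comment explaining why an empty value of the requested type is skipped instead of being treated as a match, so a reader of find_av_name has to recover that from the commit message. I would either split it out as `if (!len) continue;` or add `/* empty value: nothing to copy, keep looking */` above the `continue`. The function body continues past this hunk, so what the caller gets when every matching entry is empty cannot be judged from here and is worth stating in the function's comment.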