cifs: change validate_buf to validate_iov

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
author: Ronnie Sahlberg <lsahlber@redhat.com> 2018-04-09 04:06:30 -0400
committer: Steve French <smfrench@gmail.com> 2018-04-12 21:32:55 -0400
commit: c1596ff52466522c98013f1610797a85ba5d4e63 (patch)
tree: 8efe5631b59d99d5c8a68ca0782fe576e33d047d
parent: 05432e2938ddb8bd942e5a89298e763cf785edb6 (diff)
1 files changed, 21 insertions, 18 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 8a6921ef2ce1..0f044c4a2dc9 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2206,13 +2206,13 @@ close_exit:
 }
 static int
-validate_buf(unsigned int offset, unsigned int buffer_length,
+validate_iov(struct TCP_Server_Info *server,
-             struct smb2_hdr *hdr, unsigned int min_buf_size)
+             unsigned int offset, unsigned int buffer_length,
+             struct kvec *iov, unsigned int min_buf_size)
 {
-        unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length);
+        unsigned int smb_len = iov->iov_len;
-        char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr;
+        char *end_of_smb = smb_len + server->vals->header_preamble_size + (char *)iov->iov_base;
-        char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
+        char *begin_of_buf = server->vals->header_preamble_size + offset + (char *)iov->iov_base;
        char *end_of_buf = begin_of_buf + buffer_length;
@@ -2242,18 +2242,18 @@ validate_buf(unsigned int offset, unsigned int buffer_length,
 * Caller must free buffer.
 */
 static int
-validate_and_copy_buf(unsigned int offset, unsigned int buffer_length,
+validate_and_copy_iov(struct TCP_Server_Info *server,
-                      struct smb2_hdr *hdr, unsigned int minbufsize,
+                      unsigned int offset, unsigned int buffer_length,
+                      struct kvec *iov, unsigned int minbufsize,
                      char *data)
 {
-        char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
+        char *begin_of_buf = server->vals->header_preamble_size + offset + (char *)(iov->iov_base);
        int rc;
        if (!data)
                return -EINVAL;
-        rc = validate_buf(offset, buffer_length, hdr, minbufsize);
+        rc = validate_iov(server, offset, buffer_length, iov, minbufsize);
        if (rc)
                return rc;
@@ -2331,9 +2331,10 @@ query_info(const unsigned int xid, struct cifs_tcon *tcon,
                }
        }
-        rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),
+        rc = validate_and_copy_iov(ses->server,
+                                   le16_to_cpu(rsp->OutputBufferOffset),
                                   le32_to_cpu(rsp->OutputBufferLength),
-                                   &rsp->hdr, min_len, *data);
+                                   &rsp_iov, min_len, *data);
 qinf_exit:
        free_rsp_buf(resp_buftype, rsp);
@@ -3254,8 +3255,9 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
                goto qdir_exit;
        }
-        rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
+        rc = validate_iov(server,
-                          le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,
+                          le16_to_cpu(rsp->OutputBufferOffset),
+                          le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
                          info_buf_size);
        if (rc)
                goto qdir_exit;
@@ -3627,8 +3629,9 @@ SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
        info = (struct smb2_fs_full_size_info *)(server->vals->header_preamble_size +
                le16_to_cpu(rsp->OutputBufferOffset) + (char *)&rsp->hdr);
-        rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
+        rc = validate_iov(server,
-                          le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,
+                          le16_to_cpu(rsp->OutputBufferOffset),
+                          le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
                          sizeof(struct smb2_fs_full_size_info));
        if (!rc)
                copy_fs_info_to_kstatfs(info, fsdata);
@@ -3684,7 +3687,7 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
        rsp_len = le32_to_cpu(rsp->OutputBufferLength);
        offset = le16_to_cpu(rsp->OutputBufferOffset);
-        rc = validate_buf(offset, rsp_len, &rsp->hdr, min_len);
+        rc = validate_iov(server, offset, rsp_len, &rsp_iov, min_len);
        if (rc)
                goto qfsattr_exit;
author	Ronnie Sahlberg <lsahlber@redhat.com>	2018-04-09 04:06:30 -0400
committer	Steve French <smfrench@gmail.com>	2018-04-12 21:32:55 -0400
commit	c1596ff52466522c98013f1610797a85ba5d4e63 (patch)
tree	8efe5631b59d99d5c8a68ca0782fe576e33d047d
parent	05432e2938ddb8bd942e5a89298e763cf785edb6 (diff)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 8a6921ef2ce1..0f044c4a2dc9 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c
@@ -2206,13 +2206,13 @@ close_exit:
2206	}	2206	}
2207		2207
2208	static int	2208	static int
2209	validate_buf(unsigned int offset, unsigned int buffer_length,	2209	validate_iov(struct TCP_Server_Info *server,
2210	struct smb2_hdr *hdr, unsigned int min_buf_size)	2210	unsigned int offset, unsigned int buffer_length,
2211		2211	struct kvec *iov, unsigned int min_buf_size)
2212	{	2212	{
2213	unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length);	2213	unsigned int smb_len = iov->iov_len;
2214	char end_of_smb = smb_len + 4 / RFC1001 length field / + (char )hdr;	2214	char end_of_smb = smb_len + server->vals->header_preamble_size + (char )iov->iov_base;
2215	char begin_of_buf = 4 / RFC1001 len field / + offset + (char )hdr;	2215	char begin_of_buf = server->vals->header_preamble_size + offset + (char )iov->iov_base;
2216	char *end_of_buf = begin_of_buf + buffer_length;	2216	char *end_of_buf = begin_of_buf + buffer_length;
2217		2217
2218		2218
@@ -2242,18 +2242,18 @@ validate_buf(unsigned int offset, unsigned int buffer_length,
2242	* Caller must free buffer.	2242	* Caller must free buffer.
2243	*/	2243	*/
2244	static int	2244	static int
2245	validate_and_copy_buf(unsigned int offset, unsigned int buffer_length,	2245	validate_and_copy_iov(struct TCP_Server_Info *server,
2246	struct smb2_hdr *hdr, unsigned int minbufsize,	2246	unsigned int offset, unsigned int buffer_length,
		2247	struct kvec *iov, unsigned int minbufsize,
2247	char *data)	2248	char *data)
2248
2249	{	2249	{
2250	char begin_of_buf = 4 / RFC1001 len field / + offset + (char )hdr;	2250	char begin_of_buf = server->vals->header_preamble_size + offset + (char )(iov->iov_base);
2251	int rc;	2251	int rc;
2252		2252
2253	if (!data)	2253	if (!data)
2254	return -EINVAL;	2254	return -EINVAL;
2255		2255
2256	rc = validate_buf(offset, buffer_length, hdr, minbufsize);	2256	rc = validate_iov(server, offset, buffer_length, iov, minbufsize);
2257	if (rc)	2257	if (rc)
2258	return rc;	2258	return rc;
2259		2259
@@ -2331,9 +2331,10 @@ query_info(const unsigned int xid, struct cifs_tcon *tcon,
2331	}	2331	}
2332	}	2332	}
2333		2333
2334	rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),	2334	rc = validate_and_copy_iov(ses->server,
		2335	le16_to_cpu(rsp->OutputBufferOffset),
2335	le32_to_cpu(rsp->OutputBufferLength),	2336	le32_to_cpu(rsp->OutputBufferLength),
2336	&rsp->hdr, min_len, *data);	2337	&rsp_iov, min_len, *data);
2337		2338
2338	qinf_exit:	2339	qinf_exit:
2339	free_rsp_buf(resp_buftype, rsp);	2340	free_rsp_buf(resp_buftype, rsp);
@@ -3254,8 +3255,9 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
3254	goto qdir_exit;	3255	goto qdir_exit;
3255	}	3256	}
3256		3257
3257	rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),	3258	rc = validate_iov(server,
3258	le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,	3259	le16_to_cpu(rsp->OutputBufferOffset),
		3260	le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
3259	info_buf_size);	3261	info_buf_size);
3260	if (rc)	3262	if (rc)
3261	goto qdir_exit;	3263	goto qdir_exit;
@@ -3627,8 +3629,9 @@ SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
3627		3629
3628	info = (struct smb2_fs_full_size_info *)(server->vals->header_preamble_size +	3630	info = (struct smb2_fs_full_size_info *)(server->vals->header_preamble_size +
3629	le16_to_cpu(rsp->OutputBufferOffset) + (char *)&rsp->hdr);	3631	le16_to_cpu(rsp->OutputBufferOffset) + (char *)&rsp->hdr);
3630	rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),	3632	rc = validate_iov(server,
3631	le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,	3633	le16_to_cpu(rsp->OutputBufferOffset),
		3634	le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
3632	sizeof(struct smb2_fs_full_size_info));	3635	sizeof(struct smb2_fs_full_size_info));
3633	if (!rc)	3636	if (!rc)
3634	copy_fs_info_to_kstatfs(info, fsdata);	3637	copy_fs_info_to_kstatfs(info, fsdata);
@@ -3684,7 +3687,7 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
3684		3687
3685	rsp_len = le32_to_cpu(rsp->OutputBufferLength);	3688	rsp_len = le32_to_cpu(rsp->OutputBufferLength);
3686	offset = le16_to_cpu(rsp->OutputBufferOffset);	3689	offset = le16_to_cpu(rsp->OutputBufferOffset);
3687	rc = validate_buf(offset, rsp_len, &rsp->hdr, min_len);	3690	rc = validate_iov(server, offset, rsp_len, &rsp_iov, min_len);
3688	if (rc)	3691	if (rc)
3689	goto qfsattr_exit;	3692	goto qfsattr_exit;
3690		3693