diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-12-14 14:51:21 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-12-14 14:51:21 -0500 |
| commit | d455df0bcc00733a7d8eec900ed791ccd896a493 (patch) | |
| tree | 26ebb16c07f59ecda697d4feafec0c722596edbf | |
| parent | e375922fc5e57113b19f1355f9a6a73aa7453aaa (diff) | |
| parent | 5702591fc6a3f409f460def104ee149330dac82d (diff) | |
Merge tag '4.15-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"Small SMB3 fixes for stable and 4.15rc"
* tag '4.15-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6:
CIFS: don't log STATUS_NOT_FOUND errors for DFS
cifs: fix NULL deref in SMB2_read
| -rw-r--r-- | fs/cifs/smb2ops.c | 3 | ||||
| -rw-r--r-- | fs/cifs/smb2pdu.c | 30 |
2 files changed, 17 insertions, 16 deletions
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index e06740436b92..ed88ab8a4774 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c | |||
| @@ -1406,7 +1406,8 @@ smb2_get_dfs_refer(const unsigned int xid, struct cifs_ses *ses, | |||
| 1406 | } while (rc == -EAGAIN); | 1406 | } while (rc == -EAGAIN); |
| 1407 | 1407 | ||
| 1408 | if (rc) { | 1408 | if (rc) { |
| 1409 | cifs_dbg(VFS, "ioctl error in smb2_get_dfs_refer rc=%d\n", rc); | 1409 | if (rc != -ENOENT) |
| 1410 | cifs_dbg(VFS, "ioctl error in smb2_get_dfs_refer rc=%d\n", rc); | ||
| 1410 | goto out; | 1411 | goto out; |
| 1411 | } | 1412 | } |
| 1412 | 1413 | ||
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 5331631386a2..01346b8b6edb 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c | |||
| @@ -2678,27 +2678,27 @@ SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms, | |||
| 2678 | cifs_small_buf_release(req); | 2678 | cifs_small_buf_release(req); |
| 2679 | 2679 | ||
| 2680 | rsp = (struct smb2_read_rsp *)rsp_iov.iov_base; | 2680 | rsp = (struct smb2_read_rsp *)rsp_iov.iov_base; |
| 2681 | shdr = get_sync_hdr(rsp); | ||
| 2682 | 2681 | ||
| 2683 | if (shdr->Status == STATUS_END_OF_FILE) { | 2682 | if (rc) { |
| 2683 | if (rc != -ENODATA) { | ||
| 2684 | cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE); | ||
| 2685 | cifs_dbg(VFS, "Send error in read = %d\n", rc); | ||
| 2686 | } | ||
| 2684 | free_rsp_buf(resp_buftype, rsp_iov.iov_base); | 2687 | free_rsp_buf(resp_buftype, rsp_iov.iov_base); |
| 2685 | return 0; | 2688 | return rc == -ENODATA ? 0 : rc; |
| 2686 | } | 2689 | } |
| 2687 | 2690 | ||
| 2688 | if (rc) { | 2691 | *nbytes = le32_to_cpu(rsp->DataLength); |
| 2689 | cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE); | 2692 | if ((*nbytes > CIFS_MAX_MSGSIZE) || |
| 2690 | cifs_dbg(VFS, "Send error in read = %d\n", rc); | 2693 | (*nbytes > io_parms->length)) { |
| 2691 | } else { | 2694 | cifs_dbg(FYI, "bad length %d for count %d\n", |
| 2692 | *nbytes = le32_to_cpu(rsp->DataLength); | 2695 | *nbytes, io_parms->length); |
| 2693 | if ((*nbytes > CIFS_MAX_MSGSIZE) || | 2696 | rc = -EIO; |
| 2694 | (*nbytes > io_parms->length)) { | 2697 | *nbytes = 0; |
| 2695 | cifs_dbg(FYI, "bad length %d for count %d\n", | ||
| 2696 | *nbytes, io_parms->length); | ||
| 2697 | rc = -EIO; | ||
| 2698 | *nbytes = 0; | ||
| 2699 | } | ||
| 2700 | } | 2698 | } |
| 2701 | 2699 | ||
| 2700 | shdr = get_sync_hdr(rsp); | ||
| 2701 | |||
| 2702 | if (*buf) { | 2702 | if (*buf) { |
| 2703 | memcpy(*buf, (char *)shdr + rsp->DataOffset, *nbytes); | 2703 | memcpy(*buf, (char *)shdr + rsp->DataOffset, *nbytes); |
| 2704 | free_rsp_buf(resp_buftype, rsp_iov.iov_base); | 2704 | free_rsp_buf(resp_buftype, rsp_iov.iov_base); |