-rw-r--r--fs/cifs/cifs_debug.c2
-rw-r--r--fs/cifs/cifspdu.h22
-rw-r--r--fs/cifs/cifsproto.h1
-rw-r--r--fs/cifs/cifssmb.c62
-rw-r--r--fs/cifs/connect.c4
-rw-r--r--fs/cifs/misc.c4
-rw-r--r--fs/cifs/netmisc.c7
-rw-r--r--fs/cifs/sess.c2
-rw-r--r--fs/cifs/transport.c19
9 files changed, 41 insertions, 82 deletions
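--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -63,7 +63,7 @@ void cifs_dump_detail(struct smb_hdr *smb)
 	cERROR(1, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d",
 		  smb->Command, smb->Status.CifsError,
 		  smb->Flags, smb->Flags2, smb->Mid, smb->Pid);
-	cERROR(1, "smb buf %p len %d", smb, smbCalcSize_LE(smb));
+	cERROR(1, "smb buf %p len %d", smb, smbCalcSize(smb));
 }
 
 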
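--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -435,36 +435,18 @@ struct smb_hdr {
 /* given a pointer to an smb_hdr retrieve the pointer to the byte area */
 #define pByteArea(smb_var) (BCC(smb_var) + 2)
 
-/* get the converted ByteCount for a SMB packet and return it */
-static inline __u16
-get_bcc(struct smb_hdr *hdr)
-{
-	__u16 *bc_ptr = (__u16 *)BCC(hdr);
-
-	return get_unaligned(bc_ptr);
-}
-
 /* get the unconverted ByteCount for a SMB packet and return it */
 static inline __u16
-get_bcc_le(struct smb_hdr *hdr)
+get_bcc(struct smb_hdr *hdr)
 {
 	__le16 *bc_ptr = (__le16 *)BCC(hdr);
 
 	return get_unaligned_le16(bc_ptr);
 }
 
-/* set the ByteCount for a SMB packet in host-byte order */
-static inline void
-put_bcc(__u16 count, struct smb_hdr *hdr)
-{
-	__u16 *bc_ptr = (__u16 *)BCC(hdr);
-
-	put_unaligned(count, bc_ptr);
-}
-
 /* set the ByteCount for a SMB packet in little-endian */
 static inline void
-put_bcc_le(__u16 count, struct smb_hdr *hdr)
+put_bcc(__u16 count, struct smb_hdr *hdr)
 {
 	__le16 *bc_ptr = (__le16 *)BCC(hdr);
 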
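Review bot: The comment kept above the surviving get_bcc() still reads "get the unconverted ByteCount", but the body returns get_unaligned_le16(), i.e. the wire value converted to host byte order, and now that the host-order variant is gone "unconverted" describes the opposite of what the accessor does. I would change it to `/* get the ByteCount of a SMB packet, converted to host byte order */` so the remaining reader of the field is documented as the single conversion point. The put_bcc() comment ("in little-endian") is still accurate. Since get_bcc() only reads, it could also take `const struct smb_hdr *hdr`, provided the BCC() macro (defined outside this hunk) tolerates a const pointer. The put_bcc() body continues past the end of the hunk.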
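--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -93,7 +93,6 @@ extern void cifs_update_eof(struct cifsInodeInfo *cifsi, loff_t offset,
 extern struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *, bool);
 extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *, bool);
 extern unsigned int smbCalcSize(struct smb_hdr *ptr);
-extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
 extern int decode_negTokenInit(unsigned char *security_blob, int length,
 			struct TCP_Server_Info *server);
 extern int cifs_convert_address(struct sockaddr *dst, const char *src, int len);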
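--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -582,7 +582,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
 
 	if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
 	    (server->capabilities & CAP_EXTENDED_SECURITY)) {
-		count = pSMBr->ByteCount;
+		count = get_bcc(&pSMBr->hdr);
 		if (count < 16) {
 			rc = -EIO;
 			goto neg_err_exit;
@@ -736,7 +736,7 @@ CIFSSMBEcho(struct TCP_Server_Info *server)
 	smb->hdr.Tid = 0xffff;
 	smb->hdr.WordCount = 1;
 	put_unaligned_le16(1, &smb->EchoCount);
-	put_bcc_le(1, &smb->hdr);
+	put_bcc(1, &smb->hdr);
 	smb->Data[0] = 'a';
 	inc_rfc1001_len(smb, 3);
 
@@ -1079,7 +1079,7 @@ PsxCreat:
 	cFYI(1, "copying inode info");
 	rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-	if (rc || (pSMBr->ByteCount < sizeof(OPEN_PSX_RSP))) {
+	if (rc || get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) {
 		rc = -EIO;	/* bad smb */
 		goto psx_create_err;
 	}
@@ -1100,7 +1100,7 @@ PsxCreat:
 		pRetData->Type = cpu_to_le32(-1); /* unknown */
 		cFYI(DBG2, "unknown type");
 	} else {
-		if (pSMBr->ByteCount < sizeof(OPEN_PSX_RSP)
+		if (get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)
 				+ sizeof(FILE_UNIX_BASIC_INFO)) {
 			cERROR(1, "Open response data too small");
 			pRetData->Type = cpu_to_le32(-1);
@@ -1867,7 +1867,7 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
 		__u16 data_count;
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < sizeof(struct cifs_posix_lock))) {
+		if (rc || get_bcc(&pSMBr->hdr) < sizeof(*parm_data)) {
 			rc = -EIO;	/* bad smb */
 			goto plk_err_exit;
 		}
@@ -2494,7 +2494,7 @@ querySymLinkRetry:
 
 	rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 	/* BB also check enough total bytes returned */
-	if (rc || (pSMBr->ByteCount < 2))
+	if (rc || get_bcc(&pSMBr->hdr) < 2)
 		rc = -EIO;
 	else {
 		bool is_unicode;
@@ -2576,14 +2576,14 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon,
 	} else {	/* decode response */
 		__u32 data_offset = le32_to_cpu(pSMBr->DataOffset);
 		__u32 data_count = le32_to_cpu(pSMBr->DataCount);
-		if ((pSMBr->ByteCount < 2) || (data_offset > 512)) {
+		if (get_bcc(&pSMBr->hdr) < 2 || data_offset > 512) {
 		/* BB also check enough total bytes returned */
 			rc = -EIO;	/* bad smb */
 			goto qreparse_out;
 		}
 		if (data_count && (data_count < 2048)) {
 			char *end_of_smb = 2 /* sizeof byte count */ +
-				pSMBr->ByteCount + (char *)&pSMBr->ByteCount;
+				get_bcc(&pSMBr->hdr) + (char *)&pSMBr->ByteCount;
 
 			struct reparse_data *reparse_buf =
 					(struct reparse_data *)
@@ -2841,8 +2841,8 @@ queryAclRetry:
 	/* decode response */
 
 	rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-	if (rc || (pSMBr->ByteCount < 2))
 	/* BB also check enough total bytes returned */
+	if (rc || get_bcc(&pSMBr->hdr) < 2)
 		rc = -EIO;	/* bad smb */
 	else {
 		__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -2991,8 +2991,8 @@ GetExtAttrRetry:
 	} else {
 		/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-		if (rc || (pSMBr->ByteCount < 2))
 		/* BB also check enough total bytes returned */
+		if (rc || get_bcc(&pSMBr->hdr) < 2)
 			/* If rc should we check for EOPNOSUPP and
 			disable the srvino flag? or in caller? */
 			rc = -EIO;	/* bad smb */
@@ -3067,6 +3067,7 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata,
 	char *end_of_smb;
 	__u32 data_count, data_offset, parm_count, parm_offset;
 	struct smb_com_ntransact_rsp *pSMBr;
+	u16 bcc;
 
 	*pdatalen = 0;
 	*pparmlen = 0;
@@ -3076,8 +3077,8 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata,
 
 	pSMBr = (struct smb_com_ntransact_rsp *)buf;
 
-	/* ByteCount was converted from little endian in SendReceive */
-	end_of_smb = 2 /* sizeof byte count */ + pSMBr->ByteCount +
+	bcc = get_bcc(&pSMBr->hdr);
+	end_of_smb = 2 /* sizeof byte count */ + bcc +
 			(char *)&pSMBr->ByteCount;
 
 	data_offset = le32_to_cpu(pSMBr->DataOffset);
@@ -3103,7 +3104,7 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata,
 		     *ppdata, data_count, (data_count + *ppdata),
 		     end_of_smb, pSMBr);
 		return -EINVAL;
-	} else if (parm_count + data_count > pSMBr->ByteCount) {
+	} else if (parm_count + data_count > bcc) {
 		cFYI(1, "parm count and data count larger than SMB");
 		return -EINVAL;
 	}
@@ -3389,7 +3390,7 @@ QFileInfoRetry:
 
 	if (rc) /* BB add auto retry on EOPNOTSUPP? */
 		rc = -EIO;
-	else if (pSMBr->ByteCount < 40)
+	else if (get_bcc(&pSMBr->hdr) < 40)
 		rc = -EIO;	/* bad smb */
 	else if (pFindData) {
 		__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -3477,9 +3478,9 @@ QPathInfoRetry:
 
 	if (rc) /* BB add auto retry on EOPNOTSUPP? */
 		rc = -EIO;
-	else if (!legacy && (pSMBr->ByteCount < 40))
+	else if (!legacy && get_bcc(&pSMBr->hdr) < 40)
 		rc = -EIO;	/* bad smb */
-	else if (legacy && (pSMBr->ByteCount < 24))
+	else if (legacy && get_bcc(&pSMBr->hdr) < 24)
 		rc = -EIO;	/* 24 or 26 expected but we do not read
 				last field */
 	else if (pFindData) {
@@ -3555,7 +3556,7 @@ UnixQFileInfoRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < sizeof(FILE_UNIX_BASIC_INFO))) {
+		if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
 			cERROR(1, "Malformed FILE_UNIX_BASIC_INFO response.\n"
 				   "Unix Extensions can be disabled on mount "
 				   "by specifying the nosfu mount option.");
@@ -3641,7 +3642,7 @@ UnixQPathInfoRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < sizeof(FILE_UNIX_BASIC_INFO))) {
+		if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
 			cERROR(1, "Malformed FILE_UNIX_BASIC_INFO response.\n"
 				   "Unix Extensions can be disabled on mount "
 				   "by specifying the nosfu mount option.");
@@ -4046,8 +4047,8 @@ GetInodeNumberRetry:
 	} else {
 		/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-		if (rc || (pSMBr->ByteCount < 2))
 		/* BB also check enough total bytes returned */
+		if (rc || get_bcc(&pSMBr->hdr) < 2)
 			/* If rc should we check for EOPNOSUPP and
 			disable the srvino flag? or in caller? */
 			rc = -EIO;	/* bad smb */
@@ -4272,13 +4273,13 @@ getDFSRetry:
 	rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
 	/* BB Also check if enough total bytes returned? */
-	if (rc || (pSMBr->ByteCount < 17)) {
+	if (rc || get_bcc(&pSMBr->hdr) < 17) {
 		rc = -EIO;	/* bad smb */
 		goto GetDFSRefExit;
 	}
 
 	cFYI(1, "Decoding GetDFSRefer response BCC: %d Offset %d",
-		pSMBr->ByteCount,
+		get_bcc(&pSMBr->hdr),
 		le16_to_cpu(pSMBr->t2.DataOffset));
 
 	/* parse returned result into more usable form */
@@ -4344,12 +4345,12 @@ oldQFSInfoRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < 18))
+		if (rc || get_bcc(&pSMBr->hdr) < 18)
 			rc = -EIO;	/* bad smb */
 		else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
 			cFYI(1, "qfsinf resp BCC: %d Offset %d",
-				 pSMBr->ByteCount, data_offset);
+				 get_bcc(&pSMBr->hdr), data_offset);
 
 			response_data = (FILE_SYSTEM_ALLOC_INFO *)
 				(((char *) &pSMBr->hdr.Protocol) + data_offset);
@@ -4423,7 +4424,7 @@ QFSInfoRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < 24))
+		if (rc || get_bcc(&pSMBr->hdr) < 24)
 			rc = -EIO;	/* bad smb */
 		else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4503,7 +4504,7 @@ QFSAttributeRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < 13)) {
+		if (rc || get_bcc(&pSMBr->hdr) < 13) {
 			/* BB also check if enough bytes returned */
 			rc = -EIO;	/* bad smb */
 		} else {
@@ -4574,7 +4575,8 @@ QFSDeviceRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < sizeof(FILE_SYSTEM_DEVICE_INFO)))
+		if (rc || get_bcc(&pSMBr->hdr) <
+			  sizeof(FILE_SYSTEM_DEVICE_INFO))
 			rc = -EIO;	/* bad smb */
 		else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4643,7 +4645,7 @@ QFSUnixRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < 13)) {
+		if (rc || get_bcc(&pSMBr->hdr) < 13) {
 			rc = -EIO;	/* bad smb */
 		} else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4788,7 +4790,7 @@ QFSPosixRetry:
 	} else {	/* decode response */
 		rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-		if (rc || (pSMBr->ByteCount < 13)) {
+		if (rc || get_bcc(&pSMBr->hdr) < 13) {
 			rc = -EIO;	/* bad smb */
 		} else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -5517,7 +5519,7 @@ QAllEAsRetry:
 	   of these trans2 responses */
 
 	rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-	if (rc || (pSMBr->ByteCount < 4)) {
+	if (rc || get_bcc(&pSMBr->hdr) < 4) {
 		rc = -EIO;	/* bad smb */
 		goto QAllEAsOut;
 	}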
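Review bot: In the validate_ntransact hunk the new local is declared as `u16 bcc;` while every neighbouring declaration in this file uses the `__u16`/`__u32` spelling (`__u16 data_count;` in CIFSSMBPosixLock, `__u32 data_count, data_offset, parm_count, parm_offset;` two lines above it); `__u16 bcc;` would keep the file consistent. The same hoisting into a local would also help the hunks that now call get_bcc(&pSMBr->hdr) twice on the same response, namely QPathInfoRetry (both else-if arms), getDFSRetry and oldQFSInfoRetry, where a single `__u16 bcc = get_bcc(&pSMBr->hdr);` read once after validate_t2() is both cheaper and clearer than re-decoding the field in the log call. In the `parm_count + data_count > bcc` comparison both operands of the sum are __u32, so a large pair of counts could wrap before the compare; whether earlier checks in validate_ntransact (its start lies outside the hunk) already bound them I cannot tell from here, so that is worth confirming rather than a defect I can point to. Every enclosing function in this section begins and ends outside its hunk.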
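--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -317,12 +317,12 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
 	put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
 
 	/* fix up the BCC */
-	byte_count = get_bcc_le(pTargetSMB);
+	byte_count = get_bcc(pTargetSMB);
 	byte_count += total_in_buf2;
 	/* is the result too big for the field? */
 	if (byte_count > USHRT_MAX)
 		return -EPROTO;
-	put_bcc_le(byte_count, pTargetSMB);
+	put_bcc(byte_count, pTargetSMB);
 
 	byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
 	byte_count += total_in_buf2;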
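Review bot: The `byte_count > USHRT_MAX` guard after the new get_bcc() call only has an effect if byte_count is declared wider than 16 bits; its declaration is outside this hunk, and if it were a __u16 the addition of total_in_buf2 would wrap before the check and put_bcc() would store a truncated BCC. Since the guard exists the type is presumably unsigned int or larger, but that is worth confirming while this function is being touched, and a short comment on the declaration such as `/* wider than the 16-bit BCC so the overflow check below is meaningful */` would make the intent survive future edits. coalesce_t2 starts and ends outside the hunk.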
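--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -462,7 +462,7 @@ checkSMB(struct smb_hdr *smb, __u16 mid, unsigned int length)
 
 	if (check_smb_hdr(smb, mid))
 		return 1;
-	clc_len = smbCalcSize_LE(smb);
+	clc_len = smbCalcSize(smb);
 
 	if (4 + len != length) {
 		cERROR(1, "Length read does not match RFC1001 length %d",
@@ -519,7 +519,7 @@ is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv)
 			(struct smb_com_transaction_change_notify_rsp *)buf;
 		struct file_notify_information *pnotify;
 		__u32 data_offset = 0;
-		if (get_bcc_le(buf) > sizeof(struct file_notify_information)) {
+		if (get_bcc(buf) > sizeof(struct file_notify_information)) {
 			data_offset = le32_to_cpu(pSMBr->DataOffset);
 
 			pnotify = (struct file_notify_information *)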
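--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -919,13 +919,6 @@ smbCalcSize(struct smb_hdr *ptr)
 		2 /* size of the bcc field */ + get_bcc(ptr));
 }
 
-unsigned int
-smbCalcSize_LE(struct smb_hdr *ptr)
-{
-	return (sizeof(struct smb_hdr) + (2 * ptr->WordCount) +
-		2 /* size of the bcc field */ + get_bcc_le(ptr));
-}
-
 /* The following are taken from fs/ntfs/util.c */
 
 #define NTFS_TIME_OFFSET ((u64)(369*365 + 89) * 24 * 3600 * 10000000)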
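--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -862,7 +862,7 @@ ssetup_ntlmssp_authenticate:
 	smb_buf->smb_buf_length =
 		cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
 
-	put_bcc_le(count, smb_buf);
+	put_bcc(count, smb_buf);
 
 	rc = SendReceive2(xid, ses, iov, 3 /* num_iovecs */, &resp_buf_type,
 			  CIFS_LOG_ERROR);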
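--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -484,7 +484,7 @@ send_nt_cancel(struct TCP_Server_Info *server, struct smb_hdr *in_buf,
 	in_buf->smb_buf_length = cpu_to_be32(sizeof(struct smb_hdr) - 4 + 2);
 	in_buf->Command = SMB_COM_NT_CANCEL;
 	in_buf->WordCount = 0;
-	put_bcc_le(0, in_buf);
+	put_bcc(0, in_buf);
 
 	mutex_lock(&server->srv_mutex);
 	rc = cifs_sign_smb(in_buf, server, &mid->sequence_number);
@@ -644,11 +644,6 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
 		rc = map_smb_to_linux_error(midQ->resp_buf,
 					    flags & CIFS_LOG_ERROR);
 
-		/* convert ByteCount if necessary */
-		if (receive_len >= sizeof(struct smb_hdr) - 4
-		    /* do not count RFC1001 header */ +
-		    (2 * midQ->resp_buf->WordCount) + 2 /* bcc */ )
-			put_bcc(get_bcc_le(midQ->resp_buf), midQ->resp_buf);
 		if ((flags & CIFS_NO_RESP) == 0)
 			midQ->resp_buf = NULL;	/* mark it so buf will
 						   not be freed by
@@ -798,12 +793,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
 
 		/* BB special case reconnect tid and uid here? */
 		rc = map_smb_to_linux_error(out_buf, 0 /* no log */ );
-
-		/* convert ByteCount if necessary */
-		if (receive_len >= sizeof(struct smb_hdr) - 4
-		    /* do not count RFC1001 header */ +
-		    (2 * out_buf->WordCount) + 2 /* bcc */ )
-			put_bcc(get_bcc_le(midQ->resp_buf), midQ->resp_buf);
 	} else {
 		rc = -EIO;
 		cERROR(1, "Bad MID state?");
@@ -1012,12 +1001,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
 	/* BB special case reconnect tid and uid here? */
 	rc = map_smb_to_linux_error(out_buf, 0 /* no log */ );
 
-	/* convert ByteCount if necessary */
-	if (receive_len >= sizeof(struct smb_hdr) - 4
-	    /* do not count RFC1001 header */ +
-	    (2 * out_buf->WordCount) + 2 /* bcc */ )
-		put_bcc(get_bcc_le(out_buf), out_buf);
-
 out:
 	delete_mid(midQ);
 	if (rstart && rc == -EACCES)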
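Review bot: With the in-place conversion removed from SendReceive2, SendReceive and SendReceiveBlockingLock, the ByteCount field of every received buffer now stays in wire (little-endian) order for the rest of its life, so any reader this commit did not convert that still dereferences `->ByteCount` directly will see a byte-swapped value on big-endian hosts; the cifssmb.c and misc.c hunks cover the readers in this diff, but it is worth a grep over the rest of fs/cifs for remaining direct uses. The removed code also gated the conversion on receive_len covering the header, the word block and the 2-byte BCC, and nothing in the new side replaces that gate here, so get_bcc() callers now rely on checkSMB() having already validated the buffer length before the response is handed back; if that is the intended contract, a one-line comment at the point where the response is released to the caller, such as `/* ByteCount is left in little-endian; callers read it via get_bcc() */`, would record it. All three enclosing functions start outside their hunks and SendReceiveBlockingLock continues past the last one.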