-rw-r--r-- | fs/cifs/cifs_debug.c | 2 | ||||
-rw-r--r-- | fs/cifs/cifspdu.h | 22 | ||||
-rw-r--r-- | fs/cifs/cifsproto.h | 1 | ||||
-rw-r--r-- | fs/cifs/cifssmb.c | 62 | ||||
-rw-r--r-- | fs/cifs/connect.c | 4 | ||||
-rw-r--r-- | fs/cifs/misc.c | 4 | ||||
-rw-r--r-- | fs/cifs/netmisc.c | 7 | ||||
-rw-r--r-- | fs/cifs/sess.c | 2 | ||||
-rw-r--r-- | fs/cifs/transport.c | 19 |
9 files changed, 41 insertions, 82 deletions
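--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -63,7 +63,7 @@ void cifs_dump_detail(struct smb_hdr *smb)
 cERROR(1, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d",
 smb->Command, smb->Status.CifsError,
 smb->Flags, smb->Flags2, smb->Mid, smb->Pid);
-cERROR(1, "smb buf %p len %d", smb, smbCalcSize_LE(smb));
+cERROR(1, "smb buf %p len %d", smb, smbCalcSize(smb));
 }
 
 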
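--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -435,36 +435,18 @@ struct smb_hdr {
 /* given a pointer to an smb_hdr retrieve the pointer to the byte area */
 #define pByteArea(smb_var) (BCC(smb_var) + 2)
 
-/* get the converted ByteCount for a SMB packet and return it */
-static inline __u16
-get_bcc(struct smb_hdr *hdr)
-{
-__u16 *bc_ptr = (__u16 *)BCC(hdr);
-
-return get_unaligned(bc_ptr);
-}
-
 /* get the unconverted ByteCount for a SMB packet and return it */
 static inline __u16
-get_bcc_le(struct smb_hdr *hdr)
+get_bcc(struct smb_hdr *hdr)
 {
 __le16 *bc_ptr = (__le16 *)BCC(hdr);
 
 return get_unaligned_le16(bc_ptr);
 }
 
-/* set the ByteCount for a SMB packet in host-byte order */
-static inline void
-put_bcc(__u16 count, struct smb_hdr *hdr)
-{
-__u16 *bc_ptr = (__u16 *)BCC(hdr);
-
-put_unaligned(count, bc_ptr);
-}
-
 /* set the ByteCount for a SMB packet in little-endian */
 static inline void
-put_bcc_le(__u16 count, struct smb_hdr *hdr)
+put_bcc(__u16 count, struct smb_hdr *hdr)
 {
 __le16 *bc_ptr = (__le16 *)BCC(hdr);
 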
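Review bot: The comment kept above the renamed `get_bcc()` still reads "get the unconverted ByteCount", wording that only made sense as a contrast with the host-order variant this commit removes. The function reads the wire field with `get_unaligned_le16()` and returns a `__u16`, so a clearer comment would be `/* read the little-endian ByteCount from an SMB packet and return it in host byte order */`. The comment on `put_bcc()` could likewise say that `count` is passed in host order and stored little-endian; its body continues outside the hunk.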
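--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -93,7 +93,6 @@ extern void cifs_update_eof(struct cifsInodeInfo *cifsi, loff_t offset,
 extern struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *, bool);
 extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *, bool);
 extern unsigned int smbCalcSize(struct smb_hdr *ptr);
-extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
 extern int decode_negTokenInit(unsigned char *security_blob, int length,
 struct TCP_Server_Info *server);
 extern int cifs_convert_address(struct sockaddr *dst, const char *src, int len);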
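--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -582,7 +582,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
 
 if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
 (server->capabilities & CAP_EXTENDED_SECURITY)) {
-count = pSMBr->ByteCount;
+count = get_bcc(&pSMBr->hdr);
 if (count < 16) {
 rc = -EIO;
 goto neg_err_exit;
@@ -736,7 +736,7 @@ CIFSSMBEcho(struct TCP_Server_Info *server)
 smb->hdr.Tid = 0xffff;
 smb->hdr.WordCount = 1;
 put_unaligned_le16(1, &smb->EchoCount);
-put_bcc_le(1, &smb->hdr);
+put_bcc(1, &smb->hdr);
 smb->Data[0] = 'a';
 inc_rfc1001_len(smb, 3);
 
@@ -1079,7 +1079,7 @@ PsxCreat:
 cFYI(1, "copying inode info");
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < sizeof(OPEN_PSX_RSP))) {
+if (rc || get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) {
 rc = -EIO; /* bad smb */
 goto psx_create_err;
 }
@@ -1100,7 +1100,7 @@ PsxCreat:
 pRetData->Type = cpu_to_le32(-1); /* unknown */
 cFYI(DBG2, "unknown type");
 } else {
-if (pSMBr->ByteCount < sizeof(OPEN_PSX_RSP)
+if (get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)
 + sizeof(FILE_UNIX_BASIC_INFO)) {
 cERROR(1, "Open response data too small");
 pRetData->Type = cpu_to_le32(-1);
@@ -1867,7 +1867,7 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
 __u16 data_count;
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < sizeof(struct cifs_posix_lock))) {
+if (rc || get_bcc(&pSMBr->hdr) < sizeof(*parm_data)) {
 rc = -EIO; /* bad smb */
 goto plk_err_exit;
 }
@@ -2494,7 +2494,7 @@ querySymLinkRetry:
 
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 /* BB also check enough total bytes returned */
-if (rc || (pSMBr->ByteCount < 2))
+if (rc || get_bcc(&pSMBr->hdr) < 2)
 rc = -EIO;
 else {
 bool is_unicode;
@@ -2576,14 +2576,14 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon,
 } else { /* decode response */
 __u32 data_offset = le32_to_cpu(pSMBr->DataOffset);
 __u32 data_count = le32_to_cpu(pSMBr->DataCount);
-if ((pSMBr->ByteCount < 2) || (data_offset > 512)) {
+if (get_bcc(&pSMBr->hdr) < 2 || data_offset > 512) {
 /* BB also check enough total bytes returned */
 rc = -EIO; /* bad smb */
 goto qreparse_out;
 }
 if (data_count && (data_count < 2048)) {
 char *end_of_smb = 2 /* sizeof byte count */ +
-pSMBr->ByteCount + (char *)&pSMBr->ByteCount;
+get_bcc(&pSMBr->hdr) + (char *)&pSMBr->ByteCount;
 
 struct reparse_data *reparse_buf =
 (struct reparse_data *)
@@ -2841,8 +2841,8 @@ queryAclRetry:
 /* decode response */
 
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-if (rc || (pSMBr->ByteCount < 2))
 /* BB also check enough total bytes returned */
+if (rc || get_bcc(&pSMBr->hdr) < 2)
 rc = -EIO; /* bad smb */
 else {
 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -2991,8 +2991,8 @@ GetExtAttrRetry:
 } else {
 /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-if (rc || (pSMBr->ByteCount < 2))
 /* BB also check enough total bytes returned */
+if (rc || get_bcc(&pSMBr->hdr) < 2)
 /* If rc should we check for EOPNOSUPP and
 disable the srvino flag? or in caller? */
 rc = -EIO; /* bad smb */
@@ -3067,6 +3067,7 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata,
 char *end_of_smb;
 __u32 data_count, data_offset, parm_count, parm_offset;
 struct smb_com_ntransact_rsp *pSMBr;
+u16 bcc;
 
 *pdatalen = 0;
 *pparmlen = 0;
@@ -3076,8 +3077,8 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata,
 
 pSMBr = (struct smb_com_ntransact_rsp *)buf;
 
-/* ByteCount was converted from little endian in SendReceive */
-end_of_smb = 2 /* sizeof byte count */ + pSMBr->ByteCount +
+bcc = get_bcc(&pSMBr->hdr);
+end_of_smb = 2 /* sizeof byte count */ + bcc +
 (char *)&pSMBr->ByteCount;
 
 data_offset = le32_to_cpu(pSMBr->DataOffset);
@@ -3103,7 +3104,7 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata,
 *ppdata, data_count, (data_count + *ppdata),
 end_of_smb, pSMBr);
 return -EINVAL;
-} else if (parm_count + data_count > pSMBr->ByteCount) {
+} else if (parm_count + data_count > bcc) {
 cFYI(1, "parm count and data count larger than SMB");
 return -EINVAL;
 }
@@ -3389,7 +3390,7 @@ QFileInfoRetry:
 
 if (rc) /* BB add auto retry on EOPNOTSUPP? */
 rc = -EIO;
-else if (pSMBr->ByteCount < 40)
+else if (get_bcc(&pSMBr->hdr) < 40)
 rc = -EIO; /* bad smb */
 else if (pFindData) {
 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -3477,9 +3478,9 @@ QPathInfoRetry:
 
 if (rc) /* BB add auto retry on EOPNOTSUPP? */
 rc = -EIO;
-else if (!legacy && (pSMBr->ByteCount < 40))
+else if (!legacy && get_bcc(&pSMBr->hdr) < 40)
 rc = -EIO; /* bad smb */
-else if (legacy && (pSMBr->ByteCount < 24))
+else if (legacy && get_bcc(&pSMBr->hdr) < 24)
 rc = -EIO; /* 24 or 26 expected but we do not read
 last field */
 else if (pFindData) {
@@ -3555,7 +3556,7 @@ UnixQFileInfoRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < sizeof(FILE_UNIX_BASIC_INFO))) {
+if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
 cERROR(1, "Malformed FILE_UNIX_BASIC_INFO response.\n"
 "Unix Extensions can be disabled on mount "
 "by specifying the nosfu mount option.");
@@ -3641,7 +3642,7 @@ UnixQPathInfoRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < sizeof(FILE_UNIX_BASIC_INFO))) {
+if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {
 cERROR(1, "Malformed FILE_UNIX_BASIC_INFO response.\n"
 "Unix Extensions can be disabled on mount "
 "by specifying the nosfu mount option.");
@@ -4046,8 +4047,8 @@ GetInodeNumberRetry:
 } else {
 /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-if (rc || (pSMBr->ByteCount < 2))
 /* BB also check enough total bytes returned */
+if (rc || get_bcc(&pSMBr->hdr) < 2)
 /* If rc should we check for EOPNOSUPP and
 disable the srvino flag? or in caller? */
 rc = -EIO; /* bad smb */
@@ -4272,13 +4273,13 @@ getDFSRetry:
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
 /* BB Also check if enough total bytes returned? */
-if (rc || (pSMBr->ByteCount < 17)) {
+if (rc || get_bcc(&pSMBr->hdr) < 17) {
 rc = -EIO; /* bad smb */
 goto GetDFSRefExit;
 }
 
 cFYI(1, "Decoding GetDFSRefer response BCC: %d Offset %d",
-pSMBr->ByteCount,
+get_bcc(&pSMBr->hdr),
 le16_to_cpu(pSMBr->t2.DataOffset));
 
 /* parse returned result into more usable form */
@@ -4344,12 +4345,12 @@ oldQFSInfoRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < 18))
+if (rc || get_bcc(&pSMBr->hdr) < 18)
 rc = -EIO; /* bad smb */
 else {
 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
 cFYI(1, "qfsinf resp BCC: %d Offset %d",
-pSMBr->ByteCount, data_offset);
+get_bcc(&pSMBr->hdr), data_offset);
 
 response_data = (FILE_SYSTEM_ALLOC_INFO *)
 (((char *) &pSMBr->hdr.Protocol) + data_offset);
@@ -4423,7 +4424,7 @@ QFSInfoRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < 24))
+if (rc || get_bcc(&pSMBr->hdr) < 24)
 rc = -EIO; /* bad smb */
 else {
 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4503,7 +4504,7 @@ QFSAttributeRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < 13)) {
+if (rc || get_bcc(&pSMBr->hdr) < 13) {
 /* BB also check if enough bytes returned */
 rc = -EIO; /* bad smb */
 } else {
@@ -4574,7 +4575,8 @@ QFSDeviceRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < sizeof(FILE_SYSTEM_DEVICE_INFO)))
+if (rc || get_bcc(&pSMBr->hdr) <
+sizeof(FILE_SYSTEM_DEVICE_INFO))
 rc = -EIO; /* bad smb */
 else {
 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4643,7 +4645,7 @@ QFSUnixRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < 13)) {
+if (rc || get_bcc(&pSMBr->hdr) < 13) {
 rc = -EIO; /* bad smb */
 } else {
 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4788,7 +4790,7 @@ QFSPosixRetry:
 } else { /* decode response */
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
 
-if (rc || (pSMBr->ByteCount < 13)) {
+if (rc || get_bcc(&pSMBr->hdr) < 13) {
 rc = -EIO; /* bad smb */
 } else {
 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -5517,7 +5519,7 @@ QAllEAsRetry:
 of these trans2 responses */
 
 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
-if (rc || (pSMBr->ByteCount < 4)) {
+if (rc || get_bcc(&pSMBr->hdr) < 4) {
 rc = -EIO; /* bad smb */
 goto QAllEAsOut;
 }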
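Review bot: In CIFSSMBQueryReparseLinkInfo and in validate_ntransact the length now comes from `get_bcc()`, which locates the field through `BCC(hdr)`, while `end_of_smb` is still anchored at the fixed struct member `&pSMBr->ByteCount`. The definition of BCC() is not shown on this page, but if it is derived from the header's WordCount (as the `2 * ptr->WordCount` term in the removed smbCalcSize_LE suggests), the two locations agree only when the server sent the WordCount the response struct assumes. `end_of_smb` appears to be the bound that the later pointer checks use, so anchoring it where the length was read keeps the two consistent, e.g. `end_of_smb = (char *)pByteArea(&pSMBr->hdr) + bcc;` in validate_ntransact and the equivalent in the reparse path. Both functions start and end outside their hunks, so an earlier WordCount check may already cover this.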
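--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -317,12 +317,12 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
 put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
 
 /* fix up the BCC */
-byte_count = get_bcc_le(pTargetSMB);
+byte_count = get_bcc(pTargetSMB);
 byte_count += total_in_buf2;
 /* is the result too big for the field? */
 if (byte_count > USHRT_MAX)
 return -EPROTO;
-put_bcc_le(byte_count, pTargetSMB);
+put_bcc(byte_count, pTargetSMB);
 
 byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
 byte_count += total_in_buf2;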
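--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -462,7 +462,7 @@ checkSMB(struct smb_hdr *smb, __u16 mid, unsigned int length)
 
 if (check_smb_hdr(smb, mid))
 return 1;
-clc_len = smbCalcSize_LE(smb);
+clc_len = smbCalcSize(smb);
 
 if (4 + len != length) {
 cERROR(1, "Length read does not match RFC1001 length %d",
@@ -519,7 +519,7 @@ is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv)
 (struct smb_com_transaction_change_notify_rsp *)buf;
 struct file_notify_information *pnotify;
 __u32 data_offset = 0;
-if (get_bcc_le(buf) > sizeof(struct file_notify_information)) {
+if (get_bcc(buf) > sizeof(struct file_notify_information)) {
 data_offset = le32_to_cpu(pSMBr->DataOffset);
 
 pnotify = (struct file_notify_information *)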
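--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -919,13 +919,6 @@ smbCalcSize(struct smb_hdr *ptr)
 2 /* size of the bcc field */ + get_bcc(ptr));
 }
 
-unsigned int
-smbCalcSize_LE(struct smb_hdr *ptr)
-{
-return (sizeof(struct smb_hdr) + (2 * ptr->WordCount) +
-2 /* size of the bcc field */ + get_bcc_le(ptr));
-}
-
 /* The following are taken from fs/ntfs/util.c */
 
 #define NTFS_TIME_OFFSET ((u64)(369*365 + 89) * 24 * 3600 * 10000000)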
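--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -862,7 +862,7 @@ ssetup_ntlmssp_authenticate:
 smb_buf->smb_buf_length =
 cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
 
-put_bcc_le(count, smb_buf);
+put_bcc(count, smb_buf);
 
 rc = SendReceive2(xid, ses, iov, 3 /* num_iovecs */, &resp_buf_type,
 CIFS_LOG_ERROR);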
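--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -484,7 +484,7 @@ send_nt_cancel(struct TCP_Server_Info *server, struct smb_hdr *in_buf,
 in_buf->smb_buf_length = cpu_to_be32(sizeof(struct smb_hdr) - 4 + 2);
 in_buf->Command = SMB_COM_NT_CANCEL;
 in_buf->WordCount = 0;
-put_bcc_le(0, in_buf);
+put_bcc(0, in_buf);
 
 mutex_lock(&server->srv_mutex);
 rc = cifs_sign_smb(in_buf, server, &mid->sequence_number);
@@ -644,11 +644,6 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
 rc = map_smb_to_linux_error(midQ->resp_buf,
 flags & CIFS_LOG_ERROR);
 
-/* convert ByteCount if necessary */
-if (receive_len >= sizeof(struct smb_hdr) - 4
-/* do not count RFC1001 header */ +
-(2 * midQ->resp_buf->WordCount) + 2 /* bcc */ )
-put_bcc(get_bcc_le(midQ->resp_buf), midQ->resp_buf);
 if ((flags & CIFS_NO_RESP) == 0)
 midQ->resp_buf = NULL; /* mark it so buf will
 not be freed by
@@ -798,12 +793,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
 
 /* BB special case reconnect tid and uid here? */
 rc = map_smb_to_linux_error(out_buf, 0 /* no log */ );
-
-/* convert ByteCount if necessary */
-if (receive_len >= sizeof(struct smb_hdr) - 4
-/* do not count RFC1001 header */ +
-(2 * out_buf->WordCount) + 2 /* bcc */ )
-put_bcc(get_bcc_le(midQ->resp_buf), midQ->resp_buf);
 } else {
 rc = -EIO;
 cERROR(1, "Bad MID state?");
@@ -1012,12 +1001,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
 /* BB special case reconnect tid and uid here? */
 rc = map_smb_to_linux_error(out_buf, 0 /* no log */ );
 
-/* convert ByteCount if necessary */
-if (receive_len >= sizeof(struct smb_hdr) - 4
-/* do not count RFC1001 header */ +
-(2 * out_buf->WordCount) + 2 /* bcc */ )
-put_bcc(get_bcc_le(out_buf), out_buf);
-
 out:
 delete_mid(midQ);
 if (rstart && rc == -EACCES)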
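Review bot: With the in-place conversion gone from SendReceive2, SendReceive and SendReceiveBlockingLock, any code that still reads a response's `ByteCount` member directly now gets the raw little-endian value. On a big-endian host that would turn a minimum-length check on a server-supplied response into a comparison against a byte-swapped number. The cifssmb.c hunks in this commit switch the readers shown there to `get_bcc()`, but readers in files outside this diff cannot be confirmed from this page. If the response structs still declare the member as a host-order type, changing it to `__le16 ByteCount;` would let sparse flag any direct read that was missed.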