diff options
Diffstat (limited to 'fs/cifs/cifssmb.c')
-rw-r--r-- | fs/cifs/cifssmb.c | 183 |
1 files changed, 92 insertions, 91 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 2f2632b6df5a..67acfb3acad2 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -2478,95 +2478,6 @@ querySymLinkRetry: | |||
2478 | } | 2478 | } |
2479 | 2479 | ||
2480 | #ifdef CONFIG_CIFS_EXPERIMENTAL | 2480 | #ifdef CONFIG_CIFS_EXPERIMENTAL |
2481 | /* Initialize NT TRANSACT SMB into small smb request buffer. | ||
2482 | This assumes that all NT TRANSACTS that we init here have | ||
2483 | total parm and data under about 400 bytes (to fit in small cifs | ||
2484 | buffer size), which is the case so far, it easily fits. NB: | ||
2485 | Setup words themselves and ByteCount | ||
2486 | MaxSetupCount (size of returned setup area) and | ||
2487 | MaxParameterCount (returned parms size) must be set by caller */ | ||
2488 | static int | ||
2489 | smb_init_nttransact(const __u16 sub_command, const int setup_count, | ||
2490 | const int parm_len, struct cifsTconInfo *tcon, | ||
2491 | void **ret_buf) | ||
2492 | { | ||
2493 | int rc; | ||
2494 | __u32 temp_offset; | ||
2495 | struct smb_com_ntransact_req *pSMB; | ||
2496 | |||
2497 | rc = small_smb_init(SMB_COM_NT_TRANSACT, 19 + setup_count, tcon, | ||
2498 | (void **)&pSMB); | ||
2499 | if (rc) | ||
2500 | return rc; | ||
2501 | *ret_buf = (void *)pSMB; | ||
2502 | pSMB->Reserved = 0; | ||
2503 | pSMB->TotalParameterCount = cpu_to_le32(parm_len); | ||
2504 | pSMB->TotalDataCount = 0; | ||
2505 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | ||
2506 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
2507 | pSMB->ParameterCount = pSMB->TotalParameterCount; | ||
2508 | pSMB->DataCount = pSMB->TotalDataCount; | ||
2509 | temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + | ||
2510 | (setup_count * 2) - 4 /* for rfc1001 length itself */; | ||
2511 | pSMB->ParameterOffset = cpu_to_le32(temp_offset); | ||
2512 | pSMB->DataOffset = cpu_to_le32(temp_offset + parm_len); | ||
2513 | pSMB->SetupCount = setup_count; /* no need to le convert byte fields */ | ||
2514 | pSMB->SubCommand = cpu_to_le16(sub_command); | ||
2515 | return 0; | ||
2516 | } | ||
2517 | |||
2518 | static int | ||
2519 | validate_ntransact(char *buf, char **ppparm, char **ppdata, | ||
2520 | __u32 *pparmlen, __u32 *pdatalen) | ||
2521 | { | ||
2522 | char *end_of_smb; | ||
2523 | __u32 data_count, data_offset, parm_count, parm_offset; | ||
2524 | struct smb_com_ntransact_rsp *pSMBr; | ||
2525 | |||
2526 | *pdatalen = 0; | ||
2527 | *pparmlen = 0; | ||
2528 | |||
2529 | if (buf == NULL) | ||
2530 | return -EINVAL; | ||
2531 | |||
2532 | pSMBr = (struct smb_com_ntransact_rsp *)buf; | ||
2533 | |||
2534 | /* ByteCount was converted from little endian in SendReceive */ | ||
2535 | end_of_smb = 2 /* sizeof byte count */ + pSMBr->ByteCount + | ||
2536 | (char *)&pSMBr->ByteCount; | ||
2537 | |||
2538 | data_offset = le32_to_cpu(pSMBr->DataOffset); | ||
2539 | data_count = le32_to_cpu(pSMBr->DataCount); | ||
2540 | parm_offset = le32_to_cpu(pSMBr->ParameterOffset); | ||
2541 | parm_count = le32_to_cpu(pSMBr->ParameterCount); | ||
2542 | |||
2543 | *ppparm = (char *)&pSMBr->hdr.Protocol + parm_offset; | ||
2544 | *ppdata = (char *)&pSMBr->hdr.Protocol + data_offset; | ||
2545 | |||
2546 | /* should we also check that parm and data areas do not overlap? */ | ||
2547 | if (*ppparm > end_of_smb) { | ||
2548 | cFYI(1, "parms start after end of smb"); | ||
2549 | return -EINVAL; | ||
2550 | } else if (parm_count + *ppparm > end_of_smb) { | ||
2551 | cFYI(1, "parm end after end of smb"); | ||
2552 | return -EINVAL; | ||
2553 | } else if (*ppdata > end_of_smb) { | ||
2554 | cFYI(1, "data starts after end of smb"); | ||
2555 | return -EINVAL; | ||
2556 | } else if (data_count + *ppdata > end_of_smb) { | ||
2557 | cFYI(1, "data %p + count %d (%p) past smb end %p start %p", | ||
2558 | *ppdata, data_count, (data_count + *ppdata), | ||
2559 | end_of_smb, pSMBr); | ||
2560 | return -EINVAL; | ||
2561 | } else if (parm_count + data_count > pSMBr->ByteCount) { | ||
2562 | cFYI(1, "parm count and data count larger than SMB"); | ||
2563 | return -EINVAL; | ||
2564 | } | ||
2565 | *pdatalen = data_count; | ||
2566 | *pparmlen = parm_count; | ||
2567 | return 0; | ||
2568 | } | ||
2569 | |||
2570 | int | 2481 | int |
2571 | CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, | 2482 | CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, |
2572 | const unsigned char *searchName, | 2483 | const unsigned char *searchName, |
@@ -3056,7 +2967,97 @@ GetExtAttrOut: | |||
3056 | 2967 | ||
3057 | #endif /* CONFIG_POSIX */ | 2968 | #endif /* CONFIG_POSIX */ |
3058 | 2969 | ||
3059 | #ifdef CONFIG_CIFS_EXPERIMENTAL | 2970 | #ifdef CONFIG_CIFS_ACL |
2971 | /* | ||
2972 | * Initialize NT TRANSACT SMB into small smb request buffer. This assumes that | ||
2973 | * all NT TRANSACTS that we init here have total parm and data under about 400 | ||
2974 | * bytes (to fit in small cifs buffer size), which is the case so far, it | ||
2975 | * easily fits. NB: Setup words themselves and ByteCount MaxSetupCount (size of | ||
2976 | * returned setup area) and MaxParameterCount (returned parms size) must be set | ||
2977 | * by caller | ||
2978 | */ | ||
2979 | static int | ||
2980 | smb_init_nttransact(const __u16 sub_command, const int setup_count, | ||
2981 | const int parm_len, struct cifsTconInfo *tcon, | ||
2982 | void **ret_buf) | ||
2983 | { | ||
2984 | int rc; | ||
2985 | __u32 temp_offset; | ||
2986 | struct smb_com_ntransact_req *pSMB; | ||
2987 | |||
2988 | rc = small_smb_init(SMB_COM_NT_TRANSACT, 19 + setup_count, tcon, | ||
2989 | (void **)&pSMB); | ||
2990 | if (rc) | ||
2991 | return rc; | ||
2992 | *ret_buf = (void *)pSMB; | ||
2993 | pSMB->Reserved = 0; | ||
2994 | pSMB->TotalParameterCount = cpu_to_le32(parm_len); | ||
2995 | pSMB->TotalDataCount = 0; | ||
2996 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | ||
2997 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
2998 | pSMB->ParameterCount = pSMB->TotalParameterCount; | ||
2999 | pSMB->DataCount = pSMB->TotalDataCount; | ||
3000 | temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + | ||
3001 | (setup_count * 2) - 4 /* for rfc1001 length itself */; | ||
3002 | pSMB->ParameterOffset = cpu_to_le32(temp_offset); | ||
3003 | pSMB->DataOffset = cpu_to_le32(temp_offset + parm_len); | ||
3004 | pSMB->SetupCount = setup_count; /* no need to le convert byte fields */ | ||
3005 | pSMB->SubCommand = cpu_to_le16(sub_command); | ||
3006 | return 0; | ||
3007 | } | ||
3008 | |||
3009 | static int | ||
3010 | validate_ntransact(char *buf, char **ppparm, char **ppdata, | ||
3011 | __u32 *pparmlen, __u32 *pdatalen) | ||
3012 | { | ||
3013 | char *end_of_smb; | ||
3014 | __u32 data_count, data_offset, parm_count, parm_offset; | ||
3015 | struct smb_com_ntransact_rsp *pSMBr; | ||
3016 | |||
3017 | *pdatalen = 0; | ||
3018 | *pparmlen = 0; | ||
3019 | |||
3020 | if (buf == NULL) | ||
3021 | return -EINVAL; | ||
3022 | |||
3023 | pSMBr = (struct smb_com_ntransact_rsp *)buf; | ||
3024 | |||
3025 | /* ByteCount was converted from little endian in SendReceive */ | ||
3026 | end_of_smb = 2 /* sizeof byte count */ + pSMBr->ByteCount + | ||
3027 | (char *)&pSMBr->ByteCount; | ||
3028 | |||
3029 | data_offset = le32_to_cpu(pSMBr->DataOffset); | ||
3030 | data_count = le32_to_cpu(pSMBr->DataCount); | ||
3031 | parm_offset = le32_to_cpu(pSMBr->ParameterOffset); | ||
3032 | parm_count = le32_to_cpu(pSMBr->ParameterCount); | ||
3033 | |||
3034 | *ppparm = (char *)&pSMBr->hdr.Protocol + parm_offset; | ||
3035 | *ppdata = (char *)&pSMBr->hdr.Protocol + data_offset; | ||
3036 | |||
3037 | /* should we also check that parm and data areas do not overlap? */ | ||
3038 | if (*ppparm > end_of_smb) { | ||
3039 | cFYI(1, "parms start after end of smb"); | ||
3040 | return -EINVAL; | ||
3041 | } else if (parm_count + *ppparm > end_of_smb) { | ||
3042 | cFYI(1, "parm end after end of smb"); | ||
3043 | return -EINVAL; | ||
3044 | } else if (*ppdata > end_of_smb) { | ||
3045 | cFYI(1, "data starts after end of smb"); | ||
3046 | return -EINVAL; | ||
3047 | } else if (data_count + *ppdata > end_of_smb) { | ||
3048 | cFYI(1, "data %p + count %d (%p) past smb end %p start %p", | ||
3049 | *ppdata, data_count, (data_count + *ppdata), | ||
3050 | end_of_smb, pSMBr); | ||
3051 | return -EINVAL; | ||
3052 | } else if (parm_count + data_count > pSMBr->ByteCount) { | ||
3053 | cFYI(1, "parm count and data count larger than SMB"); | ||
3054 | return -EINVAL; | ||
3055 | } | ||
3056 | *pdatalen = data_count; | ||
3057 | *pparmlen = parm_count; | ||
3058 | return 0; | ||
3059 | } | ||
3060 | |||
3060 | /* Get Security Descriptor (by handle) from remote server for a file or dir */ | 3061 | /* Get Security Descriptor (by handle) from remote server for a file or dir */ |
3061 | int | 3062 | int |
3062 | CIFSSMBGetCIFSACL(const int xid, struct cifsTconInfo *tcon, __u16 fid, | 3063 | CIFSSMBGetCIFSACL(const int xid, struct cifsTconInfo *tcon, __u16 fid, |
@@ -3214,7 +3215,7 @@ setCifsAclRetry: | |||
3214 | return (rc); | 3215 | return (rc); |
3215 | } | 3216 | } |
3216 | 3217 | ||
3217 | #endif /* CONFIG_CIFS_EXPERIMENTAL */ | 3218 | #endif /* CONFIG_CIFS_ACL */ |
3218 | 3219 | ||
3219 | /* Legacy Query Path Information call for lookup to old servers such | 3220 | /* Legacy Query Path Information call for lookup to old servers such |
3220 | as Win9x/WinME */ | 3221 | as Win9x/WinME */ |