diff options
Diffstat (limited to 'fs/cifs/cifssmb.c')
| -rw-r--r-- | fs/cifs/cifssmb.c | 32 |
1 files changed, 9 insertions, 23 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index b7df4bff3aaa..602326fa4a4f 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -453,8 +453,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifs_ses *ses) | |||
| 453 | } | 453 | } |
| 454 | server->sec_mode = (__u8)le16_to_cpu(rsp->SecurityMode); | 454 | server->sec_mode = (__u8)le16_to_cpu(rsp->SecurityMode); |
| 455 | server->maxReq = le16_to_cpu(rsp->MaxMpxCount); | 455 | server->maxReq = le16_to_cpu(rsp->MaxMpxCount); |
| 456 | server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize), | 456 | server->maxBuf = le16_to_cpu(rsp->MaxBufSize); |
| 457 | (__u32)CIFSMaxBufSize + MAX_CIFS_HDR_SIZE); | ||
| 458 | server->max_vcs = le16_to_cpu(rsp->MaxNumberVcs); | 457 | server->max_vcs = le16_to_cpu(rsp->MaxNumberVcs); |
| 459 | /* even though we do not use raw we might as well set this | 458 | /* even though we do not use raw we might as well set this |
| 460 | accurately, in case we ever find a need for it */ | 459 | accurately, in case we ever find a need for it */ |
| @@ -561,8 +560,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifs_ses *ses) | |||
| 561 | little endian */ | 560 | little endian */ |
| 562 | server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount); | 561 | server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount); |
| 563 | /* probably no need to store and check maxvcs */ | 562 | /* probably no need to store and check maxvcs */ |
| 564 | server->maxBuf = min(le32_to_cpu(pSMBr->MaxBufferSize), | 563 | server->maxBuf = le32_to_cpu(pSMBr->MaxBufferSize); |
| 565 | (__u32) CIFSMaxBufSize + MAX_CIFS_HDR_SIZE); | ||
| 566 | server->max_rw = le32_to_cpu(pSMBr->MaxRawSize); | 564 | server->max_rw = le32_to_cpu(pSMBr->MaxRawSize); |
| 567 | cFYI(DBG2, "Max buf = %d", ses->server->maxBuf); | 565 | cFYI(DBG2, "Max buf = %d", ses->server->maxBuf); |
| 568 | server->capabilities = le32_to_cpu(pSMBr->Capabilities); | 566 | server->capabilities = le32_to_cpu(pSMBr->Capabilities); |
| @@ -2812,8 +2810,7 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifs_tcon *tcon, | |||
| 2812 | pSMB->TotalDataCount = 0; | 2810 | pSMB->TotalDataCount = 0; |
| 2813 | pSMB->MaxParameterCount = cpu_to_le32(2); | 2811 | pSMB->MaxParameterCount = cpu_to_le32(2); |
| 2814 | /* BB find exact data count max from sess structure BB */ | 2812 | /* BB find exact data count max from sess structure BB */ |
| 2815 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | 2813 | pSMB->MaxDataCount = cpu_to_le32(CIFSMaxBufSize & 0xFFFFFF00); |
| 2816 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 2817 | pSMB->MaxSetupCount = 4; | 2814 | pSMB->MaxSetupCount = 4; |
| 2818 | pSMB->Reserved = 0; | 2815 | pSMB->Reserved = 0; |
| 2819 | pSMB->ParameterOffset = 0; | 2816 | pSMB->ParameterOffset = 0; |
| @@ -3306,8 +3303,7 @@ smb_init_nttransact(const __u16 sub_command, const int setup_count, | |||
| 3306 | pSMB->Reserved = 0; | 3303 | pSMB->Reserved = 0; |
| 3307 | pSMB->TotalParameterCount = cpu_to_le32(parm_len); | 3304 | pSMB->TotalParameterCount = cpu_to_le32(parm_len); |
| 3308 | pSMB->TotalDataCount = 0; | 3305 | pSMB->TotalDataCount = 0; |
| 3309 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | 3306 | pSMB->MaxDataCount = cpu_to_le32(CIFSMaxBufSize & 0xFFFFFF00); |
| 3310 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 3311 | pSMB->ParameterCount = pSMB->TotalParameterCount; | 3307 | pSMB->ParameterCount = pSMB->TotalParameterCount; |
| 3312 | pSMB->DataCount = pSMB->TotalDataCount; | 3308 | pSMB->DataCount = pSMB->TotalDataCount; |
| 3313 | temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + | 3309 | temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + |
| @@ -3977,8 +3973,7 @@ findFirstRetry: | |||
| 3977 | params = 12 + name_len /* includes null */ ; | 3973 | params = 12 + name_len /* includes null */ ; |
| 3978 | pSMB->TotalDataCount = 0; /* no EAs */ | 3974 | pSMB->TotalDataCount = 0; /* no EAs */ |
| 3979 | pSMB->MaxParameterCount = cpu_to_le16(10); | 3975 | pSMB->MaxParameterCount = cpu_to_le16(10); |
| 3980 | pSMB->MaxDataCount = cpu_to_le16((tcon->ses->server->maxBuf - | 3976 | pSMB->MaxDataCount = cpu_to_le16(CIFSMaxBufSize & 0xFFFFFF00); |
| 3981 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 3982 | pSMB->MaxSetupCount = 0; | 3977 | pSMB->MaxSetupCount = 0; |
| 3983 | pSMB->Reserved = 0; | 3978 | pSMB->Reserved = 0; |
| 3984 | pSMB->Flags = 0; | 3979 | pSMB->Flags = 0; |
| @@ -4052,8 +4047,7 @@ findFirstRetry: | |||
| 4052 | psrch_inf->index_of_last_entry = 2 /* skip . and .. */ + | 4047 | psrch_inf->index_of_last_entry = 2 /* skip . and .. */ + |
| 4053 | psrch_inf->entries_in_buffer; | 4048 | psrch_inf->entries_in_buffer; |
| 4054 | lnoff = le16_to_cpu(parms->LastNameOffset); | 4049 | lnoff = le16_to_cpu(parms->LastNameOffset); |
| 4055 | if (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE < | 4050 | if (CIFSMaxBufSize < lnoff) { |
| 4056 | lnoff) { | ||
| 4057 | cERROR(1, "ignoring corrupt resume name"); | 4051 | cERROR(1, "ignoring corrupt resume name"); |
| 4058 | psrch_inf->last_entry = NULL; | 4052 | psrch_inf->last_entry = NULL; |
| 4059 | return rc; | 4053 | return rc; |
| @@ -4097,9 +4091,7 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon, | |||
| 4097 | byte_count = 0; | 4091 | byte_count = 0; |
| 4098 | pSMB->TotalDataCount = 0; /* no EAs */ | 4092 | pSMB->TotalDataCount = 0; /* no EAs */ |
| 4099 | pSMB->MaxParameterCount = cpu_to_le16(8); | 4093 | pSMB->MaxParameterCount = cpu_to_le16(8); |
| 4100 | pSMB->MaxDataCount = | 4094 | pSMB->MaxDataCount = cpu_to_le16(CIFSMaxBufSize & 0xFFFFFF00); |
| 4101 | cpu_to_le16((tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE) & | ||
| 4102 | 0xFFFFFF00); | ||
| 4103 | pSMB->MaxSetupCount = 0; | 4095 | pSMB->MaxSetupCount = 0; |
| 4104 | pSMB->Reserved = 0; | 4096 | pSMB->Reserved = 0; |
| 4105 | pSMB->Flags = 0; | 4097 | pSMB->Flags = 0; |
| @@ -4181,8 +4173,7 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon, | |||
| 4181 | psrch_inf->index_of_last_entry += | 4173 | psrch_inf->index_of_last_entry += |
| 4182 | psrch_inf->entries_in_buffer; | 4174 | psrch_inf->entries_in_buffer; |
| 4183 | lnoff = le16_to_cpu(parms->LastNameOffset); | 4175 | lnoff = le16_to_cpu(parms->LastNameOffset); |
| 4184 | if (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE < | 4176 | if (CIFSMaxBufSize < lnoff) { |
| 4185 | lnoff) { | ||
| 4186 | cERROR(1, "ignoring corrupt resume name"); | 4177 | cERROR(1, "ignoring corrupt resume name"); |
| 4187 | psrch_inf->last_entry = NULL; | 4178 | psrch_inf->last_entry = NULL; |
| 4188 | return rc; | 4179 | return rc; |
| @@ -6035,12 +6026,7 @@ int CIFSSMBNotify(const int xid, struct cifs_tcon *tcon, | |||
| 6035 | pSMB->TotalParameterCount = 0 ; | 6026 | pSMB->TotalParameterCount = 0 ; |
| 6036 | pSMB->TotalDataCount = 0; | 6027 | pSMB->TotalDataCount = 0; |
| 6037 | pSMB->MaxParameterCount = cpu_to_le32(2); | 6028 | pSMB->MaxParameterCount = cpu_to_le32(2); |
| 6038 | /* BB find exact data count max from sess structure BB */ | 6029 | pSMB->MaxDataCount = cpu_to_le32(CIFSMaxBufSize & 0xFFFFFF00); |
| 6039 | pSMB->MaxDataCount = 0; /* same in little endian or be */ | ||
| 6040 | /* BB VERIFY verify which is correct for above BB */ | ||
| 6041 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | ||
| 6042 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 6043 | |||
| 6044 | pSMB->MaxSetupCount = 4; | 6030 | pSMB->MaxSetupCount = 4; |
| 6045 | pSMB->Reserved = 0; | 6031 | pSMB->Reserved = 0; |
| 6046 | pSMB->ParameterOffset = 0; | 6032 | pSMB->ParameterOffset = 0; |