diff options
Diffstat (limited to 'fs/cifs')
| -rw-r--r-- | fs/cifs/cifssmb.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 30709589e0c9..f5e15279ea29 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -5281,7 +5281,7 @@ CIFSSMBQAllEAs(const int xid, struct cifsTconInfo *tcon, | |||
| 5281 | TRANSACTION2_QPI_RSP *pSMBr = NULL; | 5281 | TRANSACTION2_QPI_RSP *pSMBr = NULL; |
| 5282 | int rc = 0; | 5282 | int rc = 0; |
| 5283 | int bytes_returned; | 5283 | int bytes_returned; |
| 5284 | int name_len; | 5284 | int list_len; |
| 5285 | struct fealist *ea_response_data; | 5285 | struct fealist *ea_response_data; |
| 5286 | struct fea *temp_fea; | 5286 | struct fea *temp_fea; |
| 5287 | char *temp_ptr; | 5287 | char *temp_ptr; |
| @@ -5295,18 +5295,18 @@ QAllEAsRetry: | |||
| 5295 | return rc; | 5295 | return rc; |
| 5296 | 5296 | ||
| 5297 | if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { | 5297 | if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { |
| 5298 | name_len = | 5298 | list_len = |
| 5299 | cifsConvertToUCS((__le16 *) pSMB->FileName, searchName, | 5299 | cifsConvertToUCS((__le16 *) pSMB->FileName, searchName, |
| 5300 | PATH_MAX, nls_codepage, remap); | 5300 | PATH_MAX, nls_codepage, remap); |
| 5301 | name_len++; /* trailing null */ | 5301 | list_len++; /* trailing null */ |
| 5302 | name_len *= 2; | 5302 | list_len *= 2; |
| 5303 | } else { /* BB improve the check for buffer overruns BB */ | 5303 | } else { /* BB improve the check for buffer overruns BB */ |
| 5304 | name_len = strnlen(searchName, PATH_MAX); | 5304 | list_len = strnlen(searchName, PATH_MAX); |
| 5305 | name_len++; /* trailing null */ | 5305 | list_len++; /* trailing null */ |
| 5306 | strncpy(pSMB->FileName, searchName, name_len); | 5306 | strncpy(pSMB->FileName, searchName, list_len); |
| 5307 | } | 5307 | } |
| 5308 | 5308 | ||
| 5309 | params = 2 /* level */ + 4 /* reserved */ + name_len /* includes NUL */; | 5309 | params = 2 /* level */ + 4 /* reserved */ + list_len /* includes NUL */; |
| 5310 | pSMB->TotalDataCount = 0; | 5310 | pSMB->TotalDataCount = 0; |
| 5311 | pSMB->MaxParameterCount = cpu_to_le16(2); | 5311 | pSMB->MaxParameterCount = cpu_to_le16(2); |
| 5312 | /* BB find exact max SMB PDU from sess structure BB */ | 5312 | /* BB find exact max SMB PDU from sess structure BB */ |
| @@ -5361,23 +5361,23 @@ QAllEAsRetry: | |||
| 5361 | ea_response_data = (struct fealist *) | 5361 | ea_response_data = (struct fealist *) |
| 5362 | (((char *) &pSMBr->hdr.Protocol) + data_offset); | 5362 | (((char *) &pSMBr->hdr.Protocol) + data_offset); |
| 5363 | 5363 | ||
| 5364 | name_len = le32_to_cpu(ea_response_data->list_len); | 5364 | list_len = le32_to_cpu(ea_response_data->list_len); |
| 5365 | cFYI(1, ("ea length %d", name_len)); | 5365 | cFYI(1, ("ea length %d", list_len)); |
| 5366 | if (name_len <= 8) { | 5366 | if (list_len <= 8) { |
| 5367 | cFYI(1, ("empty EA list returned from server")); | 5367 | cFYI(1, ("empty EA list returned from server")); |
| 5368 | goto QAllEAsOut; | 5368 | goto QAllEAsOut; |
| 5369 | } | 5369 | } |
| 5370 | 5370 | ||
| 5371 | /* account for ea list len */ | 5371 | /* account for ea list len */ |
| 5372 | name_len -= 4; | 5372 | list_len -= 4; |
| 5373 | temp_fea = ea_response_data->list; | 5373 | temp_fea = ea_response_data->list; |
| 5374 | temp_ptr = (char *)temp_fea; | 5374 | temp_ptr = (char *)temp_fea; |
| 5375 | while (name_len > 0) { | 5375 | while (list_len > 0) { |
| 5376 | __u16 value_len; | 5376 | __u16 value_len; |
| 5377 | name_len -= 4; | 5377 | list_len -= 4; |
| 5378 | temp_ptr += 4; | 5378 | temp_ptr += 4; |
| 5379 | rc += temp_fea->name_len; | 5379 | rc += temp_fea->name_len; |
| 5380 | /* account for prefix user. and trailing null */ | 5380 | /* account for prefix user. and trailing null */ |
| 5381 | rc = rc + 5 + 1; | 5381 | rc = rc + 5 + 1; |
| 5382 | if (rc < (int) buf_size) { | 5382 | if (rc < (int) buf_size) { |
| 5383 | memcpy(EAData, "user.", 5); | 5383 | memcpy(EAData, "user.", 5); |
| @@ -5386,7 +5386,7 @@ QAllEAsRetry: | |||
| 5386 | EAData += temp_fea->name_len; | 5386 | EAData += temp_fea->name_len; |
| 5387 | /* null terminate name */ | 5387 | /* null terminate name */ |
| 5388 | *EAData = 0; | 5388 | *EAData = 0; |
| 5389 | EAData = EAData + 1; | 5389 | ++EAData; |
| 5390 | } else if (buf_size == 0) { | 5390 | } else if (buf_size == 0) { |
| 5391 | /* skip copy - calc size only */ | 5391 | /* skip copy - calc size only */ |
| 5392 | } else { | 5392 | } else { |
| @@ -5394,13 +5394,13 @@ QAllEAsRetry: | |||
| 5394 | rc = -ERANGE; | 5394 | rc = -ERANGE; |
| 5395 | break; | 5395 | break; |
| 5396 | } | 5396 | } |
| 5397 | name_len -= temp_fea->name_len; | 5397 | list_len -= temp_fea->name_len; |
| 5398 | temp_ptr += temp_fea->name_len; | 5398 | temp_ptr += temp_fea->name_len; |
| 5399 | /* account for trailing null */ | 5399 | /* account for trailing null */ |
| 5400 | name_len--; | 5400 | list_len--; |
| 5401 | temp_ptr++; | 5401 | temp_ptr++; |
| 5402 | value_len = le16_to_cpu(temp_fea->value_len); | 5402 | value_len = le16_to_cpu(temp_fea->value_len); |
| 5403 | name_len -= value_len; | 5403 | list_len -= value_len; |
| 5404 | temp_ptr += value_len; | 5404 | temp_ptr += value_len; |
| 5405 | /* BB check that temp_ptr is still | 5405 | /* BB check that temp_ptr is still |
| 5406 | within the SMB BB*/ | 5406 | within the SMB BB*/ |