diff options
Diffstat (limited to 'fs/smb/client/smb2pdu.c')
| -rw-r--r-- | fs/smb/client/smb2pdu.c | 52 |
1 files changed, 27 insertions, 25 deletions
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index b0739a2661bf..ef2c6ac500f7 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -2229,21 +2229,20 @@ SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) return rc; } - -static struct create_durable * +static create_durable_req_t * create_durable_buf(void) { - struct create_durable *buf; + create_durable_req_t *buf; - buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); + buf = kzalloc(sizeof(create_durable_req_t), GFP_KERNEL); if (!buf) return NULL; buf->ccontext.DataOffset = cpu_to_le16(offsetof - (struct create_durable, Data)); + (create_durable_req_t, Data)); buf->ccontext.DataLength = cpu_to_le32(16); buf->ccontext.NameOffset = cpu_to_le16(offsetof - (struct create_durable, Name)); + (create_durable_req_t, Name)); buf->ccontext.NameLength = cpu_to_le16(4); /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */ buf->Name[0] = 'D'; @@ -2253,20 +2252,20 @@ create_durable_buf(void) return buf; } -static struct create_durable * +static create_durable_req_t * create_reconnect_durable_buf(struct cifs_fid *fid) { - struct create_durable *buf; + create_durable_req_t *buf; - buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); + buf = kzalloc(sizeof(create_durable_req_t), GFP_KERNEL); if (!buf) return NULL; buf->ccontext.DataOffset = cpu_to_le16(offsetof - (struct create_durable, Data)); + (create_durable_req_t, Data)); buf->ccontext.DataLength = cpu_to_le32(16); buf->ccontext.NameOffset = cpu_to_le16(offsetof - (struct create_durable, Name)); + (create_durable_req_t, Name)); buf->ccontext.NameLength = cpu_to_le16(4); buf->Data.Fid.PersistentFileId = fid->persistent_fid; buf->Data.Fid.VolatileFileId = fid->volatile_fid; @@ -2424,21 +2423,21 @@ add_lease_context(struct TCP_Server_Info *server, return 0; } -static struct create_durable_v2 * +static struct create_durable_req_v2 * create_durable_v2_buf(struct cifs_open_parms *oparms) { struct cifs_fid *pfid = oparms->fid; - struct create_durable_v2 *buf; + struct create_durable_req_v2 *buf; - buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL); + buf = kzalloc(sizeof(struct create_durable_req_v2), GFP_KERNEL); if (!buf) return NULL; buf->ccontext.DataOffset = cpu_to_le16(offsetof - (struct create_durable_v2, dcontext)); - buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2)); + (struct create_durable_req_v2, dcontext)); + buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2_req)); buf->ccontext.NameOffset = cpu_to_le16(offsetof - (struct create_durable_v2, Name)); + (struct create_durable_req_v2, Name)); buf->ccontext.NameLength = cpu_to_le16(4); /* @@ -2508,7 +2507,7 @@ add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec, iov[num].iov_base = create_durable_v2_buf(oparms); if (iov[num].iov_base == NULL) return -ENOMEM; - iov[num].iov_len = sizeof(struct create_durable_v2); + iov[num].iov_len = sizeof(struct create_durable_req_v2); *num_iovec = num + 1; return 0; } @@ -2552,7 +2551,7 @@ add_durable_context(struct kvec *iov, unsigned int *num_iovec, iov[num].iov_base = create_durable_buf(); if (iov[num].iov_base == NULL) return -ENOMEM; - iov[num].iov_len = sizeof(struct create_durable); + iov[num].iov_len = sizeof(create_durable_req_t); *num_iovec = num + 1; return 0; } @@ -4054,9 +4053,12 @@ replay_again: smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base; - smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset), - le32_to_cpu(smb_rsp->OutputBufferLength), &rsp_iov, + rc = smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset), + le32_to_cpu(smb_rsp->OutputBufferLength), + &rsp_iov, sizeof(struct file_notify_information)); + if (rc) + goto cnotify_exit; *out_data = kmemdup((char *)smb_rsp + le16_to_cpu(smb_rsp->OutputBufferOffset), le32_to_cpu(smb_rsp->OutputBufferLength), GFP_KERNEL); @@ -5451,7 +5453,7 @@ smb2_parse_query_directory(struct cifs_tcon *tcon, info_buf_size = sizeof(FILE_DIRECTORY_INFO); break; case SMB_FIND_FILE_ID_FULL_DIR_INFO: - info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO); + info_buf_size = sizeof(FILE_ID_FULL_DIR_INFO); break; case SMB_FIND_FILE_POSIX_INFO: /* note that posix payload are variable size */ @@ -5979,8 +5981,8 @@ replay_again: max_len = sizeof(FILE_SYSTEM_DEVICE_INFO); min_len = sizeof(FILE_SYSTEM_DEVICE_INFO); } else if (level == FS_ATTRIBUTE_INFORMATION) { - max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO); - min_len = MIN_FS_ATTR_INFO_SIZE; + max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO) + MAX_FS_NAME_LEN; + min_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO); } else if (level == FS_SECTOR_SIZE_INFORMATION) { max_len = sizeof(struct smb3_fs_ss_info); min_len = sizeof(struct smb3_fs_ss_info); @@ -6026,7 +6028,7 @@ replay_again: if (level == FS_ATTRIBUTE_INFORMATION) memcpy(&tcon->fsAttrInfo, offset + (char *)rsp, min_t(unsigned int, - rsp_len, max_len)); + rsp_len, min_len)); else if (level == FS_DEVICE_INFORMATION) memcpy(&tcon->fsDevInfo, offset + (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO)); |