cifs: clean up unaligned accesses in validate_t2

...and clean up function to reduce indentation.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

authored by Jeff Layton and committed by Steve French 12df83c9 690c522f

+23 -21
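--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -331,31 +331,33 @@
 
 static int validate_t2(struct smb_t2_rsp *pSMB)
 {
-	int rc = -EINVAL;
-	int total_size;
+	unsigned int total_size;
 
-	/* check for plausible wct, bcc and t2 data and parm sizes */
+	/* check for plausible wct */
+	if (pSMB->hdr.WordCount < 10)
+		goto vt2_err;
+
 	/* check for parm and data offset going beyond end of smb */
-	if (pSMB->hdr.WordCount >= 10) {
-		if ((le16_to_cpu(pSMB->t2_rsp.ParameterOffset) <= 1024) &&
-		    (le16_to_cpu(pSMB->t2_rsp.DataOffset) <= 1024)) {
-			/* check that bcc is at least as big as parms + data */
-			/* check that bcc is less than negotiated smb buffer */
-			total_size = le16_to_cpu(pSMB->t2_rsp.ParameterCount);
-			if (total_size < 512) {
-				total_size +=
-					le16_to_cpu(pSMB->t2_rsp.DataCount);
-				if (total_size <= get_bcc(&pSMB->hdr) &&
-				    total_size <
-				    CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) {
-					return 0;
-				}
-			}
-		}
-	}
+	if (get_unaligned_le16(&pSMB->t2_rsp.ParameterOffset) > 1024 ||
+	    get_unaligned_le16(&pSMB->t2_rsp.DataOffset) > 1024)
+		goto vt2_err;
+
+	/* check that bcc is at least as big as parms + data */
+	/* check that bcc is less than negotiated smb buffer */
+	total_size = get_unaligned_le16(&pSMB->t2_rsp.ParameterCount);
+	if (total_size >= 512)
+		goto vt2_err;
+
+	total_size += get_unaligned_le16(&pSMB->t2_rsp.DataCount);
+	if (total_size > get_bcc(&pSMB->hdr) ||
+	    total_size >= CIFSMaxBufSize + MAX_CIFS_HDR_SIZE)
+		goto vt2_err;
+
+	return 0;
+vt2_err:
 	cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,
 		      sizeof(struct smb_t2_rsp) + 16);
-	return -EINVAL;
 }
 
 int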
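Review bot: The comment kept above the offset check, `/* check for parm and data offset going beyond end of smb */`, promises more than the code does: the new lines only compare ParameterOffset and DataOffset against the constant 1024, and nothing in the hunk relates offset plus count to the length actually received — validate_t2 takes only pSMB, so presumably it has no received length to check against. Either reword the comment to what is enforced, e.g. `/* cap parm and data offsets; the real end of the SMB is not known here */`, or, if a length is available to the caller, pass it in and check `offset + count <= received_len` for both regions. The `if (total_size >= 512)` bound on ParameterCount is carried over from the old code without a comment; if it is a plausibility limit on T2 parameter bytes, a one-line comment saying so would stop the next reader from treating it as an overflow guard, which with `unsigned int` and two 16-bit inputs it no longer needs to be. The ordering of the two final conditions means a response with bcc larger than the negotiated buffer is rejected only by the second test, so the two comments above it could be merged into one stating both bounds.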