From 0d4b46ba7d124e67bcf27082bf313f8c07c93287 Mon Sep 17 00:00:00 2001 From: Steve French Date: Thu, 12 Apr 2018 20:32:13 -0500 Subject: [PATCH] smb3.11: replace a 4 with server->vals->header_preamble_size More cleanup of use of hardcoded 4 byte RFC1001 field size Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky Reviewed-by: Ronnie Sahlberg --- fs/cifs/smb2misc.c | 11 +++++++---- fs/cifs/smb2pdu.c | 3 ++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 9df9f0b48160..68ea8491c160 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -94,7 +94,8 @@ static const __le16 smb2_rsp_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { }; #ifdef CONFIG_CIFS_SMB311 -static __u32 get_neg_ctxt_len(struct smb2_hdr *hdr, __u32 len, __u32 non_ctxlen) +static __u32 get_neg_ctxt_len(struct smb2_hdr *hdr, __u32 len, __u32 non_ctxlen, + size_t hdr_preamble_size) { __u16 neg_count; __u32 nc_offset, size_of_pad_before_neg_ctxts; @@ -108,11 +109,12 @@ static __u32 get_neg_ctxt_len(struct smb2_hdr *hdr, __u32 len, __u32 non_ctxlen) /* Make sure that negotiate contexts start after gss security blob */ nc_offset = le32_to_cpu(pneg_rsp->NegotiateContextOffset); - if (nc_offset < non_ctxlen - 4 /* RFC1001 len field */) { + if (nc_offset < non_ctxlen - hdr_preamble_size /* RFC1001 len */) { printk_once(KERN_WARNING "invalid negotiate context offset\n"); return 0; } - size_of_pad_before_neg_ctxts = nc_offset - (non_ctxlen - 4); + size_of_pad_before_neg_ctxts = nc_offset - + (non_ctxlen - hdr_preamble_size); /* Verify that at least minimal negotiate contexts fit within frame */ if (len < nc_offset + (neg_count * sizeof(struct smb2_neg_context))) { @@ -235,7 +237,8 @@ smb2_check_message(char *buf, unsigned int length, struct TCP_Server_Info *srvr) #ifdef CONFIG_CIFS_SMB311 if (shdr->Command == SMB2_NEGOTIATE) - clc_len += get_neg_ctxt_len(hdr, len, clc_len); + clc_len += get_neg_ctxt_len(hdr, len, clc_len, + srvr->vals->header_preamble_size); #endif /* SMB311 */ if (srvr->vals->header_preamble_size + len != clc_len) { cifs_dbg(FYI, "Calculated size %u length %zu mismatch mid %llu\n", diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 5cbdddcafaec..be44c5c3e77e 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -474,7 +474,8 @@ static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp, if (len_of_ctxts < sizeof(struct smb2_neg_context)) break; - pctx = (struct smb2_neg_context *)(offset + 4 + (char *)rsp); + pctx = (struct smb2_neg_context *)(offset + + server->vals->header_preamble_size + (char *)rsp); clen = le16_to_cpu(pctx->DataLength); if (clen > len_of_ctxts) break; -- 2.30.2