cifs: clean up unaligned accesses in validate_t2

...and clean up function to reduce indentation.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Jeff Layton 2011-01-20 13:36:51 -05:00 committed by Steve French
parent 690c522fa5
commit 12df83c9b9
1 changed files with 23 additions and 21 deletions


@ -331,31 +331,33 @@ smb_init_no_reconnect(int smb_command, int wct, struct cifsTconInfo *tcon,
static int validate_t2(struct smb_t2_rsp *pSMB) static int validate_t2(struct smb_t2_rsp *pSMB)
{ {
int rc = -EINVAL; unsigned int total_size;
int total_size;
/* check for plausible wct */
if (pSMB->hdr.WordCount < 10)
goto vt2_err;
/* check for plausible wct, bcc and t2 data and parm sizes */
/* check for parm and data offset going beyond end of smb */ /* check for parm and data offset going beyond end of smb */
if (pSMB->hdr.WordCount >= 10) { if (get_unaligned_le16(&pSMB->t2_rsp.ParameterOffset) > 1024 ||
if ((le16_to_cpu(pSMB->t2_rsp.ParameterOffset) <= 1024) && get_unaligned_le16(&pSMB->t2_rsp.DataOffset) > 1024)
(le16_to_cpu(pSMB->t2_rsp.DataOffset) <= 1024)) { goto vt2_err;
/* check that bcc is at least as big as parms + data */ /* check that bcc is at least as big as parms + data */
/* check that bcc is less than negotiated smb buffer */ /* check that bcc is less than negotiated smb buffer */
total_size = le16_to_cpu(pSMB->t2_rsp.ParameterCount); total_size = get_unaligned_le16(&pSMB->t2_rsp.ParameterCount);
if (total_size < 512) { if (total_size >= 512)
total_size += goto vt2_err;
le16_to_cpu(pSMB->t2_rsp.DataCount);
if (total_size <= get_bcc(&pSMB->hdr) && total_size += get_unaligned_le16(&pSMB->t2_rsp.DataCount);
total_size < if (total_size > get_bcc(&pSMB->hdr) ||
CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) { total_size >= CIFSMaxBufSize + MAX_CIFS_HDR_SIZE)
goto vt2_err;
return 0; return 0;
} vt2_err:
}
}
}
cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB, cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,
sizeof(struct smb_t2_rsp) + 16); sizeof(struct smb_t2_rsp) + 16);
return rc; return -EINVAL;
} }
int int
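Review bot: The offset test in validate_t2 caps ParameterOffset and DataOffset at a fixed 1024 and never combines them with ParameterCount or DataCount, so a response can pass validation while offset + count points past the bytes actually received; only the sum of the two counts is compared with `get_bcc()`. The function takes no received-length argument, so I would at least state that limit above the offset test, e.g. `/* offsets are only capped at 1024; callers must check offset + count against the received length */`. Callers that index the response by these offsets presumably need that check themselves, but they are not visible here. The literals 1024 and 512 would also read better as named constants with a word on where the limits come from. Separately, the `vt2_err` path dumps `sizeof(struct smb_t2_rsp) + 16` bytes even when WordCount < 10, which assumes the buffer is at least that large whatever was received.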