On Tue, Jan 18, 2011 at 2:33 PM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> ...and clean up function to reduce indentation.
>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
> fs/cifs/cifssmb.c | 44 +++++++++++++++++++++++---------------------
> 1 files changed, 23 insertions(+), 21 deletions(-)
>
> diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> index 3b3072c..75a1559 100644
> --- a/fs/cifs/cifssmb.c
> +++ b/fs/cifs/cifssmb.c
> @@ -331,31 +331,33 @@ smb_init_no_reconnect(int smb_command, int wct, struct cifsTconInfo *tcon,
>
> static int validate_t2(struct smb_t2_rsp *pSMB)
> {
> - int rc = -EINVAL;
> - int total_size;
> + unsigned int total_size;
> +
> + /* check for plausible wct */
> + if (pSMB->hdr.WordCount < 10)
> + goto vt2_err;
>
> - /* check for plausible wct, bcc and t2 data and parm sizes */
> /* check for parm and data offset going beyond end of smb */
> - if (pSMB->hdr.WordCount >= 10) {
> - if ((le16_to_cpu(pSMB->t2_rsp.ParameterOffset) <= 1024) &&
> - (le16_to_cpu(pSMB->t2_rsp.DataOffset) <= 1024)) {
> - /* check that bcc is at least as big as parms + data */
> - /* check that bcc is less than negotiated smb buffer */
> - total_size = le16_to_cpu(pSMB->t2_rsp.ParameterCount);
> - if (total_size < 512) {
> - total_size +=
> - le16_to_cpu(pSMB->t2_rsp.DataCount);
> - if (total_size <= get_bcc(&pSMB->hdr) &&
> - total_size <
> - CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) {
> - return 0;
> - }
> - }
> - }
> - }
> + if (get_unaligned_le16(&pSMB->t2_rsp.ParameterOffset) > 1024 ||
> + get_unaligned_le16(&pSMB->t2_rsp.DataOffset) > 1024)
> + goto vt2_err;
> +
> + /* check that bcc is at least as big as parms + data */
> + /* check that bcc is less than negotiated smb buffer */
> + total_size = get_unaligned_le16(&pSMB->t2_rsp.ParameterCount);
> + if (total_size >= 512)
> + goto vt2_err;
> +
> + total_size += get_unaligned_le16(&pSMB->t2_rsp.DataCount);
> + if (total_size > get_bcc(&pSMB->hdr) ||
> + total_size >= CIFSMaxBufSize + MAX_CIFS_HDR_SIZE)
> + goto vt2_err;
> +
> + return 0;
> +vt2_err:
> cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,
> sizeof(struct smb_t2_rsp) + 16);
> - return rc;
> + return -EINVAL;
> }
>
> int
> --
> 1.7.3.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
Looks correct.
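Review bot: The guard clauses in validate_t2 bound ParameterOffset and DataOffset (each at most 1024) separately from ParameterCount + DataCount (at most bcc), but nothing in the function checks that an offset plus its own count stays inside the response, so a server-supplied DataOffset close to 1024 combined with a large DataCount is accepted as long as the two counts together fit in bcc. Whether every caller re-checks this before reading the parameter or data area is not visible in this hunk, so the comment above the offset test should at least state the limit of what is validated, e.g. `/* offsets and counts are bounded independently; callers must still check offset + count against the received length */`. The vt2_err path also hands cifs_dump_mem a fixed `sizeof(struct smb_t2_rsp) + 16` bytes regardless of how much was actually received; if the response buffer can be shorter than that, the dump length should be capped to the received size.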
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html