merged Aurelien's small patch (attached) into cifs-2.6.git for-next -- Thanks, Steve
From 778d81b65e4d596251943002522d94a7c6fbcf69 Mon Sep 17 00:00:00 2001
From: Aurelien Aptel <aaptel@xxxxxxxx>
Date: Mon, 4 Mar 2019 18:50:18 +0100
Subject: [PATCH] CIFS: fix FSCTL_SET_REPARSE_POINT SMB2_ioctl() call

Without this change the ioctl() fails with INVALID_PARAMETER.

Since SET_REPARSE_POINT has no output, set the max output response
size to zero.

[MS-SMB2] reads

   3.3.5.15 Receiving an SMB2 IOCTL Request

   If either InputCount, MaxInputResponse, or MaxOutputResponse is
   greater than Connection.MaxTransactSize, the server SHOULD<306>
   fail the request with STATUS_INVALID_PARAMETER.

   The server MUST fail the request with STATUS_INVALID_PARAMETER in
   the following cases:

   * If InputOffset is greater than zero but less than (size of SMB2
     header + size of the SMB2 IOCTL request not including Buffer) or
     if InputOffset is greater than (size of SMB2 header + size of
     the SMB2 IOCTL request).
   * If OutputOffset is greater than zero but less than (size of SMB2
     header + size of the SMB2 IOCTL request not including Buffer) or
     if OutputOffset is greater than (size of SMB2 header + size of
     the SMB2 IOCTL request).
   * If (InputOffset + InputCount) is greater than (size of SMB2
     header + size of the SMB2 IOCTL request).
   * If (OutputOffset + OutputCount) is greater than (size of SMB2
     header + size of the SMB2 IOCTL request).
   * If OutputCount is greater than zero and OutputOffset is less
     than (InputOffset + InputCount).

Signed-off-by: Aurelien Aptel <aaptel@xxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
---
 fs/cifs/smb2pdu.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 733021566356..cacdf9bf9ef3 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2539,7 +2539,10 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, * in responses (except for read responses which can be bigger. * We may want to bump this limit up */ - req->MaxOutputResponse = cpu_to_le32(CIFSMaxBufSize); + if (opcode == FSCTL_SET_REPARSE_POINT) + req->MaxOutputResponse = cpu_to_le32(0); + else + req->MaxOutputResponse = cpu_to_le32(CIFSMaxBufSize); if (is_fsctl) req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL); -- 2.17.1
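Review bot: The new `if (opcode == FSCTL_SET_REPARSE_POINT)` branch in SMB2_ioctl() has no comment of its own, and the comment block directly above it still only explains the CIFSMaxBufSize limit, so a reader of the code cannot tell why this one opcode gets `req->MaxOutputResponse = cpu_to_le32(0)`. A short comment stating that SET_REPARSE_POINT returns no output and that the server rejects a non-zero value with STATUS_INVALID_PARAMETER would keep the reason next to the code. Hard-coding a single opcode here also means any other FSCTL that has no output and is validated the same way would need another branch; letting the caller pass the maximum output size would cover those without further special cases. The commit message could also say which of the quoted [MS-SMB2] 3.3.5.15 conditions the server applied, since the only quoted clause that mentions MaxOutputResponse compares it with Connection.MaxTransactSize and is not specific to this FSCTL.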