Re: [PATCH] cifs: clarify SMB1 code for UnixCreateHardLink

Reviewed-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>

On Fri, Jul 2, 2021 at 8:53 AM Steve French <smfrench@xxxxxxxxx> wrote:
>
> Coverity complains about the way we calculate the offset
> (starting from the address of a 4 byte array within the
> header structure rather than from the beginning of the struct
> plus 4 bytes).  This doesn't change the address but
> makes it slightly clearer.
>
> Addresses-Coverity: 711529 ("Out of bounds read")
> Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> ---
>  fs/cifs/cifspdu.h | 1 +
>  fs/cifs/cifssmb.c | 3 ++-
>  2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
> index 0923f72d27e9..f6e235001358 100644
> --- a/fs/cifs/cifspdu.h
> +++ b/fs/cifs/cifspdu.h
> @@ -1785,6 +1785,7 @@ struct smb_com_transaction2_sfi_req {
>   __u16 Fid;
>   __le16 InformationLevel;
>   __u16 Reserved4;
> + __u8  payload[];
>  } __attribute__((packed));
>
>  struct smb_com_transaction2_sfi_rsp {
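Review bot: the new `__u8 payload[];` flexible array member added after `Reserved4` is not referenced anywhere in this patch; the cifssmb.c change still computes `data_offset` from `(char *)pSMB + offset + 4` rather than from the new member, so either use it in the offset arithmetic or state in the commit message why it is being added. Also, a struct with a flexible array member can no longer be embedded as a non-final member of another struct or placed in an array, so please confirm no existing user of `struct smb_com_transaction2_sfi_req` does that.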
> diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> index 58ebec4d4413..ea12fa6eacb6 100644
> --- a/fs/cifs/cifssmb.c
> +++ b/fs/cifs/cifssmb.c
> @@ -3009,7 +3009,8 @@ CIFSUnixCreateHardLink(const unsigned int xid,
> struct cifs_tcon *tcon,
>   InformationLevel) - 4;
>   offset = param_offset + params;
>
> - data_offset = (char *) (&pSMB->hdr.Protocol) + offset;
> + /* SMB offsets are from the beginning of SMB which is 4 bytes in,
> after RFC1001 field */
> + data_offset = (char *)pSMB + offset + 4;
>   if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
>   name_len_target =
>       cifsConvertToUTF16((__le16 *) data_offset, fromName,
>
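Review bot: the literal `4` in `data_offset = (char *)pSMB + offset + 4;` repeats the same magic number already used in `InformationLevel) - 4;` two lines above; deriving it from the header layout (the offset of `hdr.Protocol` within the struct, which is exactly what the old `&pSMB->hdr.Protocol` expression encoded) would keep the two in step and make the "doesn't change the address" claim in the commit message self-evident instead of resting on the comment. Separately, as quoted here the hunk has two wrapped lines without a diff prefix (`struct cifs_tcon *tcon,` after the `@@` header and `after RFC1001 field */` after the first line of the new comment), so the patch would need to be resent unwrapped to apply cleanly, and the comment should either fit on one line or be written as a proper multi-line comment.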
> --
> Thanks,
>
> Steve


