From patchwork Fri Oct 11 02:56:39 2013
X-Patchwork-Submitter: Steve French
X-Patchwork-Id: 3020431
Date: Thu, 10 Oct 2013 21:56:39 -0500
Subject: [PATCH 1/2] [CIFS] Fix corrupt SMB2 ioctl requests
From: Steve French
To: "linux-cifs@vger.kernel.org", samba-technical, "Stefan (metze) Metzmacher"
X-Mailing-List: linux-cifs@vger.kernel.org

As Metze suggested I split this small patch out of the compression ioctl patch.

We were off by one calculating the length of ioctls in some cases because the protocol specification for SMB2 ioctl includes a minimum one byte payload but not all SMB2 ioctl requests actually have a data buffer to send. We were also not zeroing out the return buffer (in case of error this is helpful).

Signed-off-by: Steve French
---
 fs/cifs/smb2pdu.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

*plen = 0; @@ -1183,10 +1184,12 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, iov[0].iov_base = (char *)req; /* 4 for rfc1002 length field */ - iov[0].iov_len = get_rfc1002_length(req) + 4; + /* -1 since last byte is buf[0] which is sent in iov[1] or not at all */ + iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; + /* -1 since last byte is buf[0] which was counted in smb2_buf_len */ if (indatalen) - inc_rfc1001_len(req, indatalen); + inc_rfc1001_len(req, indatalen - 1); rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0); rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index edccb52..dabfa90 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c 
@@ -1137,6 +1137,7 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, cifs_dbg(FYI, "SMB2 IOCTL\n"); + *out_data = NULL; /* zero out returned data len, in case of error */ if (plen)
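Review bot: in the @@ -1137 hunk, the added `*out_data = NULL;` writes through out_data unconditionally, while the lines right after it guard plen with `if (plen)` before writing through it. If out_data is optional for callers in the same way plen is, this is a NULL pointer dereference on entry to SMB2_ioctl; guard it the same way (`if (out_data) *out_data = NULL;`) or state in a comment that out_data must be non-NULL. The existing comment "zero out returned data len, in case of error" now sits between the two resets, so it would read better moved above both.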
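Review bot: in the @@ -1183 hunk, `iov[0].iov_len` is reduced by one unconditionally, but the RFC1002 length is only touched inside `if (indatalen)`. When indatalen is 0 the length field still counts the buf[0] byte that, per the new comment, is "not sent at all", so the header advertises one byte more than iov[0] puts on the wire. Moving the `- 1` into the `if (indatalen)` branch and keeping `get_rfc1002_length(req) + 4` for the no-data case would keep the two in step. The two new comments also use different names for the same counter (rfc1002 length vs. smb2_buf_len); one term would make the off-by-one reasoning easier to check.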