cifs: get rid of dup length check in parse_reparse_point()

smb2_compound_op(SMB2_OP_GET_REPARSE) already checks if ioctl response
has a valid reparse data buffer's length, so there's no need to check
it again in parse_reparse_point().

In order to get rid of duplicate check, validate reparse data buffer's
length also in cifs_query_reparse_point().

Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
index e9e33b0b3ac472536db1a53f72cbb2635312087c..01e89070df5ab2a38c1d041556e959419ec40fb4 100644 (file)
--- a/fs/smb/client/cifssmb.c
+++ b/fs/smb/client/cifssmb.c
@@ -2700,11 +2700,12 @@ int cifs_query_reparse_point(const unsigned int xid,
                             u32 *tag, struct kvec *rsp,
                             int *rsp_buftype)
 {
+       struct reparse_data_buffer *buf;
        struct cifs_open_parms oparms;
        TRANSACT_IOCTL_REQ *io_req = NULL;
        TRANSACT_IOCTL_RSP *io_rsp = NULL;
        struct cifs_fid fid;
-       __u32 data_offset, data_count;
+       __u32 data_offset, data_count, len;
        __u8 *start, *end;
        int io_rsp_len;
        int oplock = 0;
@@ -2774,7 +2775,16 @@ int cifs_query_reparse_point(const unsigned int xid,
                goto error;
        }
 
-       *tag = le32_to_cpu(((struct reparse_data_buffer *)start)->ReparseTag);
+       data_count = le16_to_cpu(io_rsp->ByteCount);
+       buf = (struct reparse_data_buffer *)start;
+       len = sizeof(*buf);
+       if (data_count < len ||
+           data_count < le16_to_cpu(buf->ReparseDataLength) + len) {
+               rc = -EIO;
+               goto error;
+       }
+
+       *tag = le32_to_cpu(buf->ReparseTag);
        rsp->iov_base = io_rsp;
        rsp->iov_len = io_rsp_len;
        *rsp_buftype = CIFS_LARGE_BUFFER;

diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 9b7cdb7d7ece859b62c59980ba5f81a483ebe3d7..3e07ab1564ea704f4e29149ad497caa0d5467a64 100644 (file)
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -2946,18 +2946,6 @@ int parse_reparse_point(struct reparse_data_buffer *buf,
                        u32 plen, struct cifs_sb_info *cifs_sb,
                        bool unicode, struct cifs_open_info_data *data)
 {
-       if (plen < sizeof(*buf)) {
-               cifs_dbg(VFS, "%s: reparse buffer is too small. Must be at least 8 bytes but was %d\n",
-                        __func__, plen);
-               return -EIO;
-       }
-
-       if (plen < le16_to_cpu(buf->ReparseDataLength) + sizeof(*buf)) {
-               cifs_dbg(VFS, "%s: invalid reparse buf length: %d\n",
-                        __func__, plen);
-               return -EIO;
-       }
-
        data->reparse.buf = buf;
 
        /* See MS-FSCC 2.1.2 */