[PATCH] cifs: annotate fea{,list}, endianness bugfix

in CIFSSMSetEA() ->list_len got (__u32)cpu_to_le16() instead of cpu_to_le32(). Broken on big-endian... Signed-off-by: Al Viro <viro@parcelfarce.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] cifs: annotate fea{,list}, endianness bugfix
in CIFSSMSetEA() ->list_len got (__u32)cpu_to_le16() instead of cpu_to_le32(). Broken on big-endian... Signed-off-by: Al Viro <viro@parcelfarce.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
781cd275 · Alexander Viro · Linus Torvalds · ca248b4d · 781cd275 · 781cd275
Commit 781cd275 authored Sep 21, 2004 by Alexander Viro Committed by Linus Torvalds Sep 21, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 18 deletions

fs/cifs/cifspdu.h fs/cifs/cifspdu.h +2 -2

fs/cifs/cifssmb.c fs/cifs/cifssmb.c +14 -16

No files found.
--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -1707,7 +1707,7 @@ struct gealist {
 struct fea {
 	unsigned char EA_flags;
 	__u8 name_len;
-	__u16 value_len;
+	__le16 value_len;
 	char name[1];
 	/* optionally followed by value */
 };
@@ -1715,7 +1715,7 @@ struct fea {
 #define FEA_NEEDEA         0x80	/* need EA bit */

 struct fealist {
-	__u32 list_len;
+	__le32 list_len;
 	struct fea list[1];
 };


--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3107,10 +3107,8 @@ CIFSSMBQAllEAs(const int xid, struct cifsTconInfo *tcon,
 			ea_response_data = (struct fealist *)
 				(((char *) &pSMBr->hdr.Protocol) +
 				data_offset);
-			ea_response_data->list_len = 
-				cpu_to_le32(ea_response_data->list_len);
-			cFYI(1,("ea length %d",ea_response_data->list_len));
-			name_len = ea_response_data->list_len;
+			name_len = le32_to_cpu(ea_response_data->list_len);
+			cFYI(1,("ea length %d", name_len));
 			if(name_len <= 8) {
 			/* returned EA size zeroed at top of function */
 				cFYI(1,("empty EA list returned from server"));
@@ -3120,6 +3118,7 @@ CIFSSMBQAllEAs(const int xid, struct cifsTconInfo *tcon,
 				temp_fea = ea_response_data->list;
 				temp_ptr = (char *)temp_fea;
 				while(name_len > 0) {
+					__u16 value_len;
 					name_len -= 4;
 					temp_ptr += 4;
 					rc += temp_fea->name_len;
@@ -3145,9 +3144,9 @@ CIFSSMBQAllEAs(const int xid, struct cifsTconInfo *tcon,
 					/* account for trailing null */
 					name_len--;
 					temp_ptr++;
-					temp_fea->value_len = cpu_to_le16(temp_fea->value_len);
-					name_len -= temp_fea->value_len;
-					temp_ptr += temp_fea->value_len;
+					value_len = le16_to_cpu(temp_fea->value_len);
+					name_len -= value_len;
+					temp_ptr += value_len;
 					/* BB check that temp_ptr is still within smb BB*/
 				/* no trailing null to account for in value len */
 					/* go on to next EA */
@@ -3250,10 +3249,8 @@ ssize_t CIFSSMBQueryEA(const int xid,struct cifsTconInfo * tcon,
 			ea_response_data = (struct fealist *)
 				(((char *) &pSMBr->hdr.Protocol) +
 				data_offset);
-			ea_response_data->list_len = 
-				cpu_to_le32(ea_response_data->list_len);
-			cFYI(1,("ea length %d",ea_response_data->list_len));
-			name_len = ea_response_data->list_len;
+			name_len = le32_to_cpu(ea_response_data->list_len);
+			cFYI(1,("ea length %d", name_len));
 			if(name_len <= 8) {
 			/* returned EA size zeroed at top of function */
 				cFYI(1,("empty EA list returned from server"));
@@ -3265,15 +3262,16 @@ ssize_t CIFSSMBQueryEA(const int xid,struct cifsTconInfo * tcon,
 				/* loop through checking if we have a matching
 				name and then return the associated value */
 				while(name_len > 0) {
+					__u16 value_len;
 					name_len -= 4;
 					temp_ptr += 4;
-					temp_fea->value_len = cpu_to_le16(temp_fea->value_len);
+					value_len = le16_to_cpu(temp_fea->value_len);
 				/* BB validate that value_len falls within SMB, 
 				even though maximum for name_len is 255 */ 
 					if(memcmp(temp_fea->name,ea_name,
 						  temp_fea->name_len) == 0) {
 						/* found a match */
-						rc = temp_fea->value_len;
+						rc = value_len;
 				/* account for prefix user. and trailing null */
 						if(rc<=(int)buf_size) {
 							memcpy(ea_value,
@@ -3294,8 +3292,8 @@ ssize_t CIFSSMBQueryEA(const int xid,struct cifsTconInfo * tcon,
 					/* account for trailing null */
 					name_len--;
 					temp_ptr++;
-					name_len -= temp_fea->value_len;
-					temp_ptr += temp_fea->value_len;
+					name_len -= value_len;
+					temp_ptr += value_len;
 				/* no trailing null to account for in value len */
 					/* go on to next EA */
 					temp_fea = (struct fea *)temp_ptr;
@@ -3378,7 +3376,7 @@ CIFSSMBSetEA(const int xid, struct cifsTconInfo *tcon, const char *fileName,
 	pSMB->SubCommand = cpu_to_le16(TRANS2_SET_PATH_INFORMATION);
 	byte_count = 3 /* pad */  + params + count;
 	pSMB->DataCount = cpu_to_le16(count);
-	parm_data->list_len = (__u32)(pSMB->DataCount);
+	parm_data->list_len = cpu_to_le32(count);
 	parm_data->list[0].EA_flags = 0;
 	/* we checked above that name len is less than 255 */
 	parm_data->list[0].name_len = (__u8)name_len;;