cifs: sanity check length of data to send before sending
author Jeff Layton <jlayton@redhat.com>
Fri, 14 Feb 2014 12:21:00 +0000 (07:21 -0500)
committer Steve French <smfrench@gmail.com>
Mon, 24 Feb 2014 02:55:07 +0000 (20:55 -0600)
commit a26054d184763969a411e3939fe243516715ff59
tree 949134388a332f66f28a80d329263031e7136d43
parent 6b1168e1617d9d4db73ef5276490627abf5adec4
cifs: sanity check length of data to send before sending

We had a bug discovered recently where an upper layer function
(cifs_iovec_write) could pass down a smb_rqst with an invalid amount of
data in it. The length of the SMB frame would be correct, but the rqst
struct would cause smb_send_rqst to send nearly 4GB of data.

This should never be the case. Add some sanity checking to the beginning
of smb_send_rqst that ensures that the amount of data we're going to
send agrees with the length in the RFC1002 header. If it doesn't, WARN()
and return -EIO to the upper layers.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
fs/cifs/transport.c
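
The check the commit message describes, modelled in userspace C as an added example (not the kernel patch or any code from this commit). The struct and function names are hypothetical, the 3-byte length field is the RFC1002 framing as SMB uses it over TCP, and the request built in `demo_check` is constructed sample data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a send request: buffers in vec[], followed by
 * npages data pages of pagesz bytes, the last one holding tailsz bytes. */
struct model_vec { const unsigned char *base; size_t len; };
struct model_rqst {
    const struct model_vec *vec;
    unsigned int nvec, npages, pagesz, tailsz;
};

/* RFC1002 session header: one type byte, then a 3-byte big-endian length
 * counting everything that follows the 4-byte header. */
static uint32_t rfc1002_len(const unsigned char *hdr)
{
    return ((uint32_t)hdr[1] << 16) | ((uint32_t)hdr[2] << 8) | hdr[3];
}

/* Bytes the request would put on the wire; 64-bit so the sum cannot wrap. */
static uint64_t rqst_total_len(const struct model_rqst *r)
{
    uint64_t total = 0;
    for (unsigned int i = 0; i < r->nvec; i++)
        total += r->vec[i].len;
    if (r->npages)
        total += (uint64_t)(r->npages - 1) * r->pagesz + r->tailsz;
    return total;
}

/* 0 if the request agrees with its own frame header, -EIO otherwise. */
int check_send_length(const struct model_rqst *r)
{
    if (r->nvec == 0 || r->vec[0].len < 4)
        return -EIO;
    uint64_t expected = (uint64_t)rfc1002_len(r->vec[0].base) + 4;
    return rqst_total_len(r) == expected ? 0 : -EIO;
}

/* Constructed sample: 4-byte RFC1002 header plus 60 bytes in vec[0], one
 * data page; the header announces 60 + 4096 = 0x103c bytes. */
int demo_check(unsigned int tailsz)
{
    unsigned char buf[64] = { 0x00, 0x00, 0x10, 0x3c };
    struct model_vec v = { buf, sizeof(buf) };
    struct model_rqst r = { &v, 1, 1, 4096, tailsz };
    return check_send_length(&r);
}
```

Calling `demo_check(4096)` models a consistent request; passing a wrapped unsigned value such as `4096u - 8192u` models a frame whose header is correct while the request struct describes nearly 4GB of data.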