提交 18295796 编写于 作者: J Jeff Layton 提交者: Steve French

cifs: fix length handling in cifs_get_name_from_search_buf

The earlier patch to move this code to use the new unicode helpers
assumed that the filename strings would be null terminated. That's not
always the case.

Instead of passing "max_len" to the string converter, pass "min(len,
max_len)", which makes it do the right thing while still keeping the
parser confined to the response. Also fix up the prototypes of this
function and the callers so that max_len is unsigned (like len is).
Signed-off-by: NJeff Layton <jlayton@redhat.com>
Signed-off-by: NSteve French <sfrench@us.ibm.com>
上级 9e39b0ae
...@@ -829,7 +829,7 @@ static int find_cifs_entry(const int xid, struct cifsTconInfo *pTcon, ...@@ -829,7 +829,7 @@ static int find_cifs_entry(const int xid, struct cifsTconInfo *pTcon,
/* inode num, inode type and filename returned */ /* inode num, inode type and filename returned */
static int cifs_get_name_from_search_buf(struct qstr *pqst, static int cifs_get_name_from_search_buf(struct qstr *pqst,
char *current_entry, __u16 level, unsigned int unicode, char *current_entry, __u16 level, unsigned int unicode,
struct cifs_sb_info *cifs_sb, int max_len, __u64 *pinum) struct cifs_sb_info *cifs_sb, unsigned int max_len, __u64 *pinum)
{ {
int rc = 0; int rc = 0;
unsigned int len = 0; unsigned int len = 0;
...@@ -890,7 +890,8 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst, ...@@ -890,7 +890,8 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst,
if (unicode) { if (unicode) {
pqst->len = cifs_from_ucs2((char *) pqst->name, pqst->len = cifs_from_ucs2((char *) pqst->name,
(__le16 *) filename, (__le16 *) filename,
UNICODE_NAME_MAX, max_len, nlt, UNICODE_NAME_MAX,
min(len, max_len), nlt,
cifs_sb->mnt_cifs_flags & cifs_sb->mnt_cifs_flags &
CIFS_MOUNT_MAP_SPECIAL_CHR); CIFS_MOUNT_MAP_SPECIAL_CHR);
} else { } else {
...@@ -902,8 +903,8 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst, ...@@ -902,8 +903,8 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst,
return rc; return rc;
} }
static int cifs_filldir(char *pfindEntry, struct file *file, static int cifs_filldir(char *pfindEntry, struct file *file, filldir_t filldir,
filldir_t filldir, void *direntry, char *scratch_buf, int max_len) void *direntry, char *scratch_buf, unsigned int max_len)
{ {
int rc = 0; int rc = 0;
struct qstr qstring; struct qstr qstring;
...@@ -1000,7 +1001,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir) ...@@ -1000,7 +1001,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
int num_to_fill = 0; int num_to_fill = 0;
char *tmp_buf = NULL; char *tmp_buf = NULL;
char *end_of_smb; char *end_of_smb;
int max_len; unsigned int max_len;
xid = GetXid(); xid = GetXid();
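Review bot: In the `cifs_from_ucs2` call of the second hunk, `min(len, max_len)` confines the converter to the response only if `max_len` counts the bytes remaining from the entry to the end of the frame, and nothing visible here establishes that; the other operand, `len`, appears to come from the server's own entry. If `max_len` is instead the size of the whole frame, or is derived in `cifs_readdir` from a subtraction against `end_of_smb` that can go negative, switching it to `unsigned int` turns that case into a very large limit instead of a value that could be rejected. I would document the contract above the function, e.g. `/* max_len: bytes from current_entry to the end of the SMB response; len is server-supplied and untrusted */`, and have the caller refuse an entry that starts at or beyond `end_of_smb` before calling in. The body of cifs_get_name_from_search_buf (including the non-unicode `else` branch) and the assignment of `max_len` in cifs_readdir lie outside the visible hunks, so this needs confirming against the full file.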
......