cifs: clarify SMB1 code for UnixCreateHardLink

Coverity complains about the way we calculate the offset
(starting from the address of a 4 byte array within the
header structure rather than from the beginning of the struct
plus 4 bytes).  This doesn't change the address but
makes it slightly clearer.

Addresses-Coverity: 711529 ("Out of bounds read")
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
index 0923f72d27e94b2c98e471e89ea002323d7409d4..f6e23500135890b72ef18157107fdc283c95b09d 100644 (file)
--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -1785,6 +1785,7 @@ struct smb_com_transaction2_sfi_req {
        __u16 Fid;
        __le16 InformationLevel;
        __u16 Reserved4;
+       __u8  payload[];
 } __attribute__((packed));
 
 struct smb_com_transaction2_sfi_rsp {

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 58ebec4d44138d47643d72a2c0c2ff38d50eca51..ea12fa6eacb67925e992cf991ce6331a8175f82d 100644 (file)
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3009,7 +3009,8 @@ createHardLinkRetry:
                                InformationLevel) - 4;
        offset = param_offset + params;
 
-       data_offset = (char *) (&pSMB->hdr.Protocol) + offset;
+       /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
+       data_offset = (char *)pSMB + offset + 4;
        if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
                name_len_target =
                    cifsConvertToUTF16((__le16 *) data_offset, fromName,