From: Namjae Jeon namjae.jeon@samsung.com
mainline inclusion from mainline-5.15-rc1 commit 548e9ad317393b0439081454d2110f519431d5ef category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/548e9ad31739
-------------------------------
kernel test robot reported warnings:
fs/cifsd/smbacl.c: In function 'parse_sec_desc':
fs/cifsd/smbacl.c:786:6: warning: variable 'total_ace_size' set but
not used [-Wunused-but-set-variable] 786 | int total_ace_size = 0, pntsd_type; | ^~~~~~~~~~~~~~
Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/cifsd/smb2pdu.c | 4 ---- fs/cifsd/smbacl.c | 14 +++----------- 2 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c index e4b91838d35c..4ec45c3fa00e 100644 --- a/fs/cifsd/smb2pdu.c +++ b/fs/cifsd/smb2pdu.c @@ -3283,10 +3283,6 @@ int smb2_open(struct ksmbd_work *work) }
if (posix_ctxt) { - struct create_context *posix_ccontext; - - posix_ccontext = (struct create_context *)(rsp->Buffer + - le32_to_cpu(rsp->CreateContextsLength)); contxt_cnt++; create_posix_rsp_buf(rsp->Buffer + le32_to_cpu(rsp->CreateContextsLength), diff --git a/fs/cifsd/smbacl.c b/fs/cifsd/smbacl.c index 77c79cf4afd0..7f6d5313a02c 100644 --- a/fs/cifsd/smbacl.c +++ b/fs/cifsd/smbacl.c @@ -389,7 +389,8 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl, return;
/* validate that we do not go past end of acl */ - if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { + if (end_of_acl <= (char *)pdacl || + end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { ksmbd_err("ACL too small to parse DACL\n"); return; } @@ -783,7 +784,7 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, struct smb_acl *dacl_ptr; /* no need for SACL ptr */ char *end_of_acl = ((char *)pntsd) + acl_len; __u32 dacloffset; - int total_ace_size = 0, pntsd_type; + int pntsd_type;
if (pntsd == NULL) return -EIO; @@ -800,16 +801,7 @@ int parse_sec_desc(struct smb_ntsd *pntsd, int acl_len, le32_to_cpu(pntsd->gsidoffset), le32_to_cpu(pntsd->sacloffset), dacloffset);
- if (dacloffset) { - if (end_of_acl <= (char *)dacl_ptr || - end_of_acl < (char *)dacl_ptr + le16_to_cpu(dacl_ptr->size)) - return -EIO; - total_ace_size = - le16_to_cpu(dacl_ptr->size) - sizeof(struct smb_acl); - } - pntsd_type = le16_to_cpu(pntsd->type); - if (!(pntsd_type & DACL_PRESENT)) { ksmbd_debug(SMB, "DACL_PRESENT in DACL type is not set\n"); return rc;