diff options
-rw-r--r-- | fs/cifs/cifssmb.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 30709589e0c..f5e15279ea2 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -5281,7 +5281,7 @@ CIFSSMBQAllEAs(const int xid, struct cifsTconInfo *tcon, TRANSACTION2_QPI_RSP *pSMBr = NULL; int rc = 0; int bytes_returned; - int name_len; + int list_len; struct fealist *ea_response_data; struct fea *temp_fea; char *temp_ptr; @@ -5295,18 +5295,18 @@ QAllEAsRetry: return rc; if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { - name_len = + list_len = cifsConvertToUCS((__le16 *) pSMB->FileName, searchName, PATH_MAX, nls_codepage, remap); - name_len++; /* trailing null */ - name_len *= 2; + list_len++; /* trailing null */ + list_len *= 2; } else { /* BB improve the check for buffer overruns BB */ - name_len = strnlen(searchName, PATH_MAX); - name_len++; /* trailing null */ - strncpy(pSMB->FileName, searchName, name_len); + list_len = strnlen(searchName, PATH_MAX); + list_len++; /* trailing null */ + strncpy(pSMB->FileName, searchName, list_len); } - params = 2 /* level */ + 4 /* reserved */ + name_len /* includes NUL */; + params = 2 /* level */ + 4 /* reserved */ + list_len /* includes NUL */; pSMB->TotalDataCount = 0; pSMB->MaxParameterCount = cpu_to_le16(2); /* BB find exact max SMB PDU from sess structure BB */ @@ -5361,23 +5361,23 @@ QAllEAsRetry: ea_response_data = (struct fealist *) (((char *) &pSMBr->hdr.Protocol) + data_offset); - name_len = le32_to_cpu(ea_response_data->list_len); - cFYI(1, ("ea length %d", name_len)); - if (name_len <= 8) { + list_len = le32_to_cpu(ea_response_data->list_len); + cFYI(1, ("ea length %d", list_len)); + if (list_len <= 8) { cFYI(1, ("empty EA list returned from server")); goto QAllEAsOut; } /* account for ea list len */ - name_len -= 4; + list_len -= 4; temp_fea = ea_response_data->list; temp_ptr = (char *)temp_fea; - while (name_len > 0) { + while (list_len > 0) { __u16 value_len; - name_len -= 4; + list_len -= 4; temp_ptr += 4; rc += temp_fea->name_len; - /* account for prefix user. and trailing null */ + /* account for prefix user. and trailing null */ rc = rc + 5 + 1; if (rc < (int) buf_size) { memcpy(EAData, "user.", 5); @@ -5386,7 +5386,7 @@ QAllEAsRetry: EAData += temp_fea->name_len; /* null terminate name */ *EAData = 0; - EAData = EAData + 1; + ++EAData; } else if (buf_size == 0) { /* skip copy - calc size only */ } else { @@ -5394,13 +5394,13 @@ QAllEAsRetry: rc = -ERANGE; break; } - name_len -= temp_fea->name_len; + list_len -= temp_fea->name_len; temp_ptr += temp_fea->name_len; /* account for trailing null */ - name_len--; + list_len--; temp_ptr++; value_len = le16_to_cpu(temp_fea->value_len); - name_len -= value_len; + list_len -= value_len; temp_ptr += value_len; /* BB check that temp_ptr is still within the SMB BB*/ |