ksmbd: use buf_data_size instead of recalculation in smb3_decrypt_req()

Tom suggested to use buf_data_size that is already calculated, to verify
these offsets.

Cc: Tom Talpey <[email protected]>
Cc: Ronnie Sahlberg <[email protected]>
Cc: Ralph Böhme <[email protected]>
Suggested-by: Tom Talpey <[email protected]>
Acked-by: Hyunchul Lee <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
Signed-off-by: Steve French <[email protected]>

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index cd2313af811d3a0af09b94f719da9439e92b4aa8..721b9a89c2d4a26cfd5f68c35e448b0dd1753de7 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -8395,20 +8395,18 @@ int smb3_decrypt_req(struct ksmbd_work *work)
        struct smb2_hdr *hdr;
        unsigned int pdu_length = get_rfc1002_len(buf);
        struct kvec iov[2];
-       unsigned int buf_data_size = pdu_length + 4 -
+       int buf_data_size = pdu_length + 4 -
                sizeof(struct smb2_transform_hdr);
        struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf;
        int rc = 0;
 
-       if (pdu_length + 4 <
-           sizeof(struct smb2_transform_hdr) + sizeof(struct smb2_hdr)) {
+       if (buf_data_size < sizeof(struct smb2_hdr)) {
                pr_err("Transform message is too small (%u)\n",
                       pdu_length);
                return -ECONNABORTED;
        }
 
-       if (pdu_length + 4 <
-           le32_to_cpu(tr_hdr->OriginalMessageSize) + sizeof(struct smb2_transform_hdr)) {
+       if (buf_data_size < le32_to_cpu(tr_hdr->OriginalMessageSize)) {
                pr_err("Transform message is broken\n");
                return -ECONNABORTED;
        }