+/* Initialize NT TRANSACT SMB into small smb request buffer.
+ This assumes that all NT TRANSACTS that we init here have
+ total parm and data under about 400 bytes (to fit in small cifs
+ buffer size), which is the case so far, it easily fits. NB:
+ Setup words themselves and ByteCount
+ MaxSetupCount (size of returned setup area) and
+ MaxParameterCount (returned parms size) must be set by caller */
+static int
+smb_init_ntransact(const __u16 sub_command, const int setup_count,
+ const int parm_len, struct cifsTconInfo *tcon,
+ void ** ret_buf)
+{
+ int rc;
+ __u32 temp_offset;
+ struct smb_com_ntransact_req * pSMB;
+
+ rc = small_smb_init(SMB_COM_NT_TRANSACT, 19 + setup_count, tcon,
+ (void **)&pSMB);
+ if (rc)
+ return rc;
+ *ret_buf = (void *)pSMB;
+ pSMB->Reserved = 0;
+ pSMB->TotalParameterCount = cpu_to_le32(parm_len);
+ pSMB->TotalDataCount = 0;
+ pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf -
+ MAX_CIFS_HDR_SIZE) & 0xFFFFFF00);
+ pSMB->ParameterCount = pSMB->TotalParameterCount;
+ pSMB->DataCount = pSMB->TotalDataCount;
+ temp_offset = offsetof(struct smb_com_ntransact_req, Parms) +
+ (setup_count * 2) - 4 /* for rfc1001 length itself */;
+ pSMB->ParameterOffset = cpu_to_le32(temp_offset);
+ pSMB->DataOffset = cpu_to_le32(temp_offset + parm_len);
+ pSMB->SetupCount = setup_count; /* no need to le convert byte fields */
+ pSMB->SubCommand = cpu_to_le16(sub_command);
+ return 0;
+}
+
+static int
+validate_ntransact(char * buf, char ** ppparm, char ** ppdata,
+ int * pdatalen, int * pparmlen)
+{
+ char * end_of_smb;
+ __u32 data_count, data_offset, parm_count, parm_offset;
+ struct smb_com_ntransact_rsp * pSMBr;
+
+ if(buf == NULL)
+ return -EINVAL;
+
+ pSMBr = (struct smb_com_ntransact_rsp *)buf;
+
+ /* ByteCount was converted from little endian in SendReceive */
+ end_of_smb = 2 /* sizeof byte count */ + pSMBr->ByteCount +
+ (char *)&pSMBr->ByteCount;
+
+
+ data_offset = le32_to_cpu(pSMBr->DataOffset);
+ data_count = le32_to_cpu(pSMBr->DataCount);
+ parm_offset = le32_to_cpu(pSMBr->ParameterOffset);
+ parm_count = le32_to_cpu(pSMBr->ParameterCount);
+
+ *ppparm = (char *)&pSMBr->hdr.Protocol + parm_offset;
+ *ppdata = (char *)&pSMBr->hdr.Protocol + data_offset;
+
+ /* should we also check that parm and data areas do not overlap? */
+ if(*ppparm > end_of_smb) {
+ cFYI(1,("parms start after end of smb"));
+ return -EINVAL;
+ } else if(parm_count + *ppparm > end_of_smb) {
+ cFYI(1,("parm end after end of smb"));
+ return -EINVAL;
+ } else if(*ppdata > end_of_smb) {
+ cFYI(1,("data starts after end of smb"));
+ return -EINVAL;
+ } else if(data_count + *ppdata > end_of_smb) {
+ cFYI(1,("data %p + count %d (%p) ends after end of smb %p start %p",
+ *ppdata, data_count, (data_count + *ppdata), end_of_smb, pSMBr)); /* BB FIXME */
+ return -EINVAL;
+ } else if(parm_count + data_count > pSMBr->ByteCount) {
+ cFYI(1,("parm count and data count larger than SMB"));
+ return -EINVAL;
+ }
+ return 0;
+}
+