ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

author Namjae Jeon <linkinjeon@kernel.org>

Mon, 30 Mar 2026 14:40:42 +0000 (10:40 -0400)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 18 Apr 2026 08:33:39 +0000 (10:33 +0200)
author Namjae Jeon <linkinjeon@kernel.org>
Mon, 30 Mar 2026 14:40:42 +0000 (10:40 -0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 18 Apr 2026 08:33:39 +0000 (10:33 +0200)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c

index f9cc39a375b59306c631c3aa1e85d96031af32c8..a8eafd498d10fe19cc6fcc5fd05ab1265dd1cd79 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -4123,8 +4123,9 @@ int smb2_query_dir(struct ksmbd_work *work)
         d_info.wptr = (char *)rsp->Buffer;
         d_info.rptr = (char *)rsp->Buffer;
         d_info.out_buf_len =
-               smb2_calc_max_out_buf_len(work, 8,
-                                         le32_to_cpu(req->OutputBufferLength));
+               smb2_calc_max_out_buf_len(work,
+                               offsetof(struct smb2_query_directory_rsp, Buffer),
+                               le32_to_cpu(req->OutputBufferLength));
         if (d_info.out_buf_len < 0) {
                 rc = -EINVAL;
                 goto err_out;
@@ -4374,8 +4375,9 @@ static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,
         }
  
         buf_free_len =
-               smb2_calc_max_out_buf_len(work, 8,
-                                         le32_to_cpu(req->OutputBufferLength));
+               smb2_calc_max_out_buf_len(work,
+                               offsetof(struct smb2_query_info_rsp, Buffer),
+                               le32_to_cpu(req->OutputBufferLength));
         if (buf_free_len < 0)
                 return -EINVAL;
  
@@ -4685,8 +4687,9 @@ static void get_file_stream_info(struct ksmbd_work *work,
         file_info = (struct smb2_file_stream_info *)rsp->Buffer;
  
         buf_free_len =
-               smb2_calc_max_out_buf_len(work, 8,
-                                         le32_to_cpu(req->OutputBufferLength));
+               smb2_calc_max_out_buf_len(work,
+                               offsetof(struct smb2_query_info_rsp, Buffer),
+                               le32_to_cpu(req->OutputBufferLength));
         if (buf_free_len < 0)
                 goto out;
  
@@ -7726,8 +7729,9 @@ int smb2_ioctl(struct ksmbd_work *work)
  
         buffer = (char *)req + le32_to_cpu(req->InputOffset);
         cnt_code = le32_to_cpu(req->CntCode);
-       ret = smb2_calc_max_out_buf_len(work, 48,
-                                       le32_to_cpu(req->MaxOutputResponse));
+       ret = smb2_calc_max_out_buf_len(work,
+                       offsetof(struct smb2_ioctl_rsp, Buffer),
+                       le32_to_cpu(req->MaxOutputResponse));
         if (ret < 0) {
                 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
                 goto out;
author	Namjae Jeon <linkinjeon@kernel.org>
	Mon, 30 Mar 2026 14:40:42 +0000 (10:40 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 18 Apr 2026 08:33:39 +0000 (10:33 +0200)