Revision 0c26606cbe4937f2228a27bb0c2cad19855be87a authored by Tim Gardner on 13 October 2013, 19:29:03 UTC, committed by Steve French on 14 October 2013, 17:14:01 UTC
Functions that walk the ntstatus_to_dos_map[] array could run off the end. For example, ntstatus_to_dos() loops while ntstatus_to_dos_map[].ntstatus is not 0. Granted, this is mostly theoretical, but could be used as a DOS attack if the error code in the SMB header is bogus. [Might consider adding to stable, as this patch is low risk - Steve] Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Steve French <smfrench@gmail.com>
1 parent dde2356
| File | Mode | Size |
|---|---|---|
| 3com | ||
| acenic | ||
| adaptec | ||
| advansys | ||
| av7110 | ||
| bnx2 | ||
| bnx2x | ||
| cis | ||
| cpia2 | ||
| cxgb3 | ||
| dsp56k | ||
| e100 | ||
| edgeport | ||
| emi26 | ||
| emi62 | ||
| ess | ||
| kaweth | ||
| keyspan | ||
| keyspan_pda | ||
| korg | ||
| matrox | ||
| myricom | ||
| ositech | ||
| qlogic | ||
| r128 | ||
| radeon | ||
| sb16 | ||
| sun | ||
| tehuti | ||
| tigon | ||
| ttusb-budget | ||
| vicam | ||
| yam | ||
| yamaha | ||
| .gitignore | -rw-r--r-- | 39 bytes |
| Makefile | -rw-r--r-- | 11.5 KB |
| README.AddingFirmware | -rw-r--r-- | 1.5 KB |
| WHENCE | -rw-r--r-- | 26.5 KB |
| atmsar11.HEX | -rw-r--r-- | 18.7 KB |
| ihex2fw.c | -rw-r--r-- | 6.6 KB |
| mts_cdma.fw.ihex | -rw-r--r-- | 37.2 KB |
| mts_edge.fw.ihex | -rw-r--r-- | 37.8 KB |
| mts_gsm.fw.ihex | -rw-r--r-- | 37.2 KB |
| ti_3410.fw.ihex | -rw-r--r-- | 37.0 KB |
| ti_5052.fw.ihex | -rw-r--r-- | 37.0 KB |
| whiteheat.HEX | -rw-r--r-- | 43.9 KB |
| whiteheat_loader.HEX | -rw-r--r-- | 11.8 KB |
| whiteheat_loader_debug.HEX | -rw-r--r-- | 17.2 KB |
Computing file changes ...
