Revision - 0c26606 - cifs: ntstatus_to_dos_map[] is not terminated

Revision 0c26606cbe4937f2228a27bb0c2cad19855be87a authored by Tim Gardner on 13 October 2013, 19:29:03 UTC, committed by Steve French on 14 October 2013, 17:14:01 UTC

cifs: ntstatus_to_dos_map[] is not terminated

Functions that walk the ntstatus_to_dos_map[] array could
run off the end. For example, ntstatus_to_dos() loops
while ntstatus_to_dos_map[].ntstatus is not 0. Granted,
this is mostly theoretical, but could be used as a DOS attack
if the error code in the SMB header is bogus.

[Might consider adding to stable, as this patch is low risk - Steve]

Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Steve French <smfrench@gmail.com>

1 parent dde2356

Files
Changes

Permalinks

File	Mode	Size
.gitignore	-rw-r--r--	151 bytes
Kconfig	-rw-r--r--	5.6 KB
Makefile	-rw-r--r--	2.3 KB
gen_init_cpio.c	-rw-r--r--	13.0 KB
initramfs_data.S	-rw-r--r--	1.3 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...