Revision 0c26606cbe4937f2228a27bb0c2cad19855be87a authored by Tim Gardner on 13 October 2013, 19:29:03 UTC, committed by Steve French on 14 October 2013, 17:14:01 UTC
Functions that walk the ntstatus_to_dos_map[] array could run off the end. For example, ntstatus_to_dos() loops while ntstatus_to_dos_map[].ntstatus is not 0. Granted, this is mostly theoretical, but could be used as a DOS attack if the error code in the SMB header is bogus. [Might consider adding to stable, as this patch is low risk - Steve] Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Steve French <smfrench@gmail.com>
1 parent dde2356
File | Mode | Size |
---|---|---|
.gitignore | -rw-r--r-- | 151 bytes |
Kconfig | -rw-r--r-- | 5.6 KB |
Makefile | -rw-r--r-- | 2.3 KB |
gen_init_cpio.c | -rw-r--r-- | 13.0 KB |
initramfs_data.S | -rw-r--r-- | 1.3 KB |
Computing file changes ...