summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTim Gardner <tim.gardner@canonical.com>2013-10-13 21:29:03 +0200
committerSteve French <smfrench@gmail.com>2013-10-14 19:14:01 +0200
commit0c26606cbe4937f2228a27bb0c2cad19855be87a (patch)
treea6750a3f37ce363f9019a4a41e65384ab7383d4a
parentcifs: Allow LANMAN auth method for servers supporting unencapsulated authenti... (diff)
downloadlinux-0c26606cbe4937f2228a27bb0c2cad19855be87a.tar.xz
linux-0c26606cbe4937f2228a27bb0c2cad19855be87a.zip
cifs: ntstatus_to_dos_map[] is not terminated
Functions that walk the ntstatus_to_dos_map[] array could run off the end. For example, ntstatus_to_dos() loops while ntstatus_to_dos_map[].ntstatus is not 0. Granted, this is mostly theoretical, but could be used as a DOS attack if the error code in the SMB header is bogus. [Might consider adding to stable, as this patch is low risk - Steve] Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r--fs/cifs/netmisc.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
index af847e1cf1c1..651a5279607b 100644
--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -780,7 +780,9 @@ static const struct {
ERRDOS, ERRnoaccess, 0xc0000290}, {
ERRDOS, ERRbadfunc, 0xc000029c}, {
ERRDOS, ERRsymlink, NT_STATUS_STOPPED_ON_SYMLINK}, {
- ERRDOS, ERRinvlevel, 0x007c0001}, };
+ ERRDOS, ERRinvlevel, 0x007c0001}, {
+ 0, 0, 0 }
+};
/*****************************************************************************
Print an error message from the status code