diff options
author | Tim Gardner <tim.gardner@canonical.com> | 2013-10-13 21:29:03 +0200 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2013-10-14 19:14:01 +0200 |
commit | 0c26606cbe4937f2228a27bb0c2cad19855be87a (patch) | |
tree | a6750a3f37ce363f9019a4a41e65384ab7383d4a | |
parent | cifs: Allow LANMAN auth method for servers supporting unencapsulated authenti... (diff) | |
download | linux-0c26606cbe4937f2228a27bb0c2cad19855be87a.tar.xz linux-0c26606cbe4937f2228a27bb0c2cad19855be87a.zip |
cifs: ntstatus_to_dos_map[] is not terminated
Functions that walk the ntstatus_to_dos_map[] array could
run off the end. For example, ntstatus_to_dos() loops
while ntstatus_to_dos_map[].ntstatus is not 0. Granted,
this is mostly theoretical, but could be used as a DOS attack
if the error code in the SMB header is bogus.
[Might consider adding to stable, as this patch is low risk - Steve]
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r-- | fs/cifs/netmisc.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c index af847e1cf1c1..651a5279607b 100644 --- a/fs/cifs/netmisc.c +++ b/fs/cifs/netmisc.c @@ -780,7 +780,9 @@ static const struct { ERRDOS, ERRnoaccess, 0xc0000290}, { ERRDOS, ERRbadfunc, 0xc000029c}, { ERRDOS, ERRsymlink, NT_STATUS_STOPPED_ON_SYMLINK}, { - ERRDOS, ERRinvlevel, 0x007c0001}, }; + ERRDOS, ERRinvlevel, 0x007c0001}, { + 0, 0, 0 } +}; /***************************************************************************** Print an error message from the status code |