cifs: ntstatus_to_dos_map[] is not terminated

Functions that walk the ntstatus_to_dos_map[] array could run off the end. For example, ntstatus_to_dos() loops while ntstatus_to_dos_map[].ntstatus is not 0. Granted, this is mostly theoretical, but could be used as a DOS attack if the error code in the SMB header is bogus. [Might consider adding to stable, as this patch is low risk - Steve] Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Steve French <smfrench@gmail.com>
author: Tim Gardner <tim.gardner@canonical.com> 2013-10-13 13:29:03 -0600
committer: Steve French <smfrench@gmail.com> 2013-10-14 12:14:01 -0500
commit: 0c26606cbe4937f2228a27bb0c2cad19855be87a (patch)
tree: a6750a3f37ce363f9019a4a41e65384ab7383d4a /fs
parent: dde2356c8466298bd77fa699e0ea296372eed47b (diff)
download: op-kernel-dev-0c26606cbe4937f2228a27bb0c2cad19855be87a.zip
op-kernel-dev-0c26606cbe4937f2228a27bb0c2cad19855be87a.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
index af847e1..651a527 100644
--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -780,7 +780,9 @@ static const struct {
 	ERRDOS, ERRnoaccess, 0xc0000290}, {
 	ERRDOS, ERRbadfunc, 0xc000029c}, {
 	ERRDOS, ERRsymlink, NT_STATUS_STOPPED_ON_SYMLINK}, {
-	ERRDOS, ERRinvlevel, 0x007c0001}, };
+	ERRDOS, ERRinvlevel, 0x007c0001}, {
+	0, 0, 0 }
+};
 
 /*****************************************************************************
  Print an error message from the status code
author	Tim Gardner <tim.gardner@canonical.com>	2013-10-13 13:29:03 -0600
committer	Steve French <smfrench@gmail.com>	2013-10-14 12:14:01 -0500
commit	0c26606cbe4937f2228a27bb0c2cad19855be87a (patch)
tree	a6750a3f37ce363f9019a4a41e65384ab7383d4a /fs
parent	dde2356c8466298bd77fa699e0ea296372eed47b (diff)
download	op-kernel-dev-0c26606cbe4937f2228a27bb0c2cad19855be87a.zip op-kernel-dev-0c26606cbe4937f2228a27bb0c2cad19855be87a.tar.gz