[patch] cifs: integer overflow in parse_dacl()

Dan Carpenter dan.carpenter at oracle.com
Thu Jan 12 00:06:17 MST 2012


On Wed, Jan 11, 2012 at 12:31:34PM -0600, Steve French wrote:
> We could calculate max_aces based on a minimum sized ace and maximum
> smb frame size (which would be 64K presumably for Windows for
> non-Writes, but larger for Samba), but not sure if it is worth the
> trouble unless you find a path where we would parse beyond end of
> frame,

This was a static checker test and I haven't tried to exploit it.
You guys are more familiar with the code obviously and you've lost
me with the talk about max_aces.  I don't see that anywhere in the
code...

$ grep max_aces fs/cifs/ -iR | wc -l
0

regards,
dan carpenter
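
The bound discussed in the quoted text above, as an added example that is not code from this thread or from fs/cifs: cap the wire-supplied ACE count by what can fit in the rest of the frame, then guard the count-times-size multiplication. All names, the 8-byte ACL header, the 16-byte minimum ACE and the assumption that the count sizes a pointer array are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes (not taken from the thread): ACL header is
 * revision(2) + size(2) + num_aces(4); the smallest ACE is a 4-byte
 * header + 4-byte access mask + 8-byte SID with no sub-authorities. */
#define ACL_HDR_SIZE 8u
#define MIN_ACE_SIZE 16u

/* What an unchecked 32-bit "count * 4" yields: it wraps silently. */
static uint32_t naive_bytes32(uint32_t num_aces)
{
    return num_aces * 4u;
}

/* Largest ACE count that can physically fit in the rest of the frame. */
static uint32_t max_aces_for_frame(size_t frame_left)
{
    if (frame_left < ACL_HDR_SIZE)
        return 0;
    size_t n = (frame_left - ACL_HDR_SIZE) / MIN_ACE_SIZE;
    return n > UINT32_MAX ? UINT32_MAX : (uint32_t)n;
}

/* Bytes needed for an array of num_aces pointers, or 0 to reject. */
static size_t ace_array_bytes(uint32_t num_aces, size_t frame_left)
{
    if (num_aces == 0 || num_aces > max_aces_for_frame(frame_left))
        return 0;                       /* count cannot fit in frame */
    if (num_aces > SIZE_MAX / sizeof(void *))
        return 0;                       /* multiplication would wrap */
    return (size_t)num_aces * sizeof(void *);
}

int main(void)
{
    size_t frame = 65536;               /* constructed sample: 64K frame */
    uint32_t hostile = 0x40000001u;     /* constructed wire value */

    printf("naive 32-bit size: %u\n", (unsigned)naive_bytes32(hostile));
    printf("max aces in frame: %u\n", (unsigned)max_aces_for_frame(frame));
    printf("checked size:      %zu\n", ace_array_bytes(hostile, frame));
    return 0;
}
```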

