[PATCH] cifs: small underflow in cnvrtDosUnixTm()
Dan Carpenter
dan.carpenter at oracle.com
Mon Apr 10 13:49:31 UTC 2017
January is month 1. There is no zero-th month. We don't care very much
if the days are invalid but for months, we use it to read from an array
so this bug means we read one space before the start of the
total_days_of_prev_months[] array.
Fixes: 1bd5bbcb6531 ("[CIFS] Legacy time handling for Win9x and OS/2 part 1")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
index abae6dd2c6b9..f1f64a15215a 100644
--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -980,8 +980,10 @@ struct timespec cnvrtDosUnixTm(__le16 le_date, __le16 le_time, int offset)
cifs_dbg(VFS, "illegal hours %d\n", st->Hours);
days = sd->Day;
month = sd->Month;
- if ((days > 31) || (month > 12)) {
+ if (days > 31 || month < 1 || month > 12) {
cifs_dbg(VFS, "illegal date, month %d day: %d\n", month, days);
+ if (month < 1)
+ month = 1;
if (month > 12)
month = 12;
}
More information about the samba-technical
mailing list