[PATCH] cifs: small underflow in cnvrtDosUnixTm()

jim jim.brown at rsmas.miami.edu
Mon Apr 10 15:43:23 UTC 2017


Restrict days > 31 to 31?
What about days < 1? Test and restrict to 1?

On 4/10/2017 9:49 AM, Dan Carpenter via samba-technical wrote:
> January is month 1.  There is no zero-th month.  We don't care very much
> if the days are invalid but for months, we use it to read from an array
> so this bug means we read one space before the start of the
> total_days_of_prev_months[] array.
>
> Fixes: 1bd5bbcb6531 ("[CIFS] Legacy time handling for Win9x and OS/2 part 1")
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
>
> diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
> index abae6dd2c6b9..f1f64a15215a 100644
> --- a/fs/cifs/netmisc.c
> +++ b/fs/cifs/netmisc.c
> @@ -980,8 +980,10 @@ struct timespec cnvrtDosUnixTm(__le16 le_date, __le16 le_time, int offset)
>   		cifs_dbg(VFS, "illegal hours %d\n", st->Hours);
>   	days = sd->Day;
>   	month = sd->Month;
> -	if ((days > 31) || (month > 12)) {
> +	if (days > 31 || month < 1 || month > 12) {
>   		cifs_dbg(VFS, "illegal date, month %d day: %d\n", month, days);
> +		if (month < 1)
> +			month = 1;
>   		if (month > 12)
>   			month = 12;
>   	}
>
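
Review bot: the rewritten condition still bounds days only from above (days > 31) and the body clamps only month, so a Day field of 0 passes without any message and a Day above 31 is logged but left unchanged. If that is deliberate, as the commit message says because only month is used to index total_days_of_prev_months[], a one-line comment above the check stating so would answer the question raised in this thread; otherwise add days < 1 to the condition and clamp days next to the month clamps.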