ncpfs: read buffer overflow
This function uses signed integers for the unix_date and local variables - if a negative number is supplied and the leap-year condition is not met, month will be 0, leading to a later read of day_n[-1] Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Petr Vandrovec <VANDROVE@vc.cvut.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
a7e3108cca
commit
c5df59136a
1 changed files with 1 additions and 1 deletions
|
@ -1241,7 +1241,7 @@ ncp_date_unix2dos(int unix_date, __le16 *time, __le16 *date)
|
|||
month = 2;
|
||||
} else {
|
||||
nl_day = (year & 3) || day <= 59 ? day : day - 1;
|
||||
for (month = 0; month < 12; month++)
|
||||
for (month = 1; month < 12; month++)
|
||||
if (day_n[month] > nl_day)
|
||||
break;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue