git.michaelhowe.org Git - packages/o/openafs.git/commit
xdr: avoid xdr_enum memory overrun
author Mark Vitale <mvitale@sinenomine.net>
Wed, 6 Jun 2018 19:23:26 +0000 (15:23 -0400)
committer Benjamin Kaduk <kaduk@mit.edu>
Fri, 15 Jun 2018 12:41:26 +0000 (08:41 -0400)
commit 101c114bd3bcc662c49a565dffc597a70ef1ea80
tree b27afb90c65951fe25fe4f1ac10a3c08e75edd65
parent 41285fc801cfa91e099e042ab2bc85599fac63fb
xdr: avoid xdr_enum memory overrun

Since openafs-ibm-1_0, xdr_enum has used xdr_long to read and write, even
though enum_t is defined as int.  For systems where sizeof(int) ==
sizeof(long), this works by accident.  But on other systems (e.g., DARWIN
ARCHFLAGS=x86_64) xdr_enum will overrun its int-sized second parameter.  For
XDR_DECODE, this results in memory corruption.

This was first noticed with OpenAFS 1.8.0 on macOS 10.13; if aklog is issued
while already holding a token, it will fail in token_SetsEquivalent with a
segfault in decodeToken.  The root cause is that the address passed to
decodeToken had been overwritten by a previous call to tokenType -> xdr_enum ->
xdr_long.

Instead, modify xdr_enum to use xdr_int for its work.

Reviewed-on: https://gerrit.openafs.org/13075
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit eb1d2ef203a2a99c908b3b89d9ea8337a91b944b)

Change-Id: I548ab43fe4513262b6be0608be45bfd8580e6ed8
Reviewed-on: https://gerrit.openafs.org/13183
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Joe Gorse <jhgorse@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
src/rx/xdr.c
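
The size mismatch the commit message describes, modelled as an added example (it is not OpenAFS code and not part of this commit). `struct frame`, `decode_enum_via_long`, `decode_enum_via_int` and `neighbor_survives` are hypothetical names; the long-sized store is clamped to a two-field struct so the overwrite can be observed without leaving the object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int enum_t;                 /* commit message: enum_t is defined as int */
_Static_assert(sizeof(enum_t) == sizeof(int), "enum_t must be int-sized");
#define SENTINEL 0xDEADBEEFu        /* constructed marker value */
/* Hypothetical stand-in for caller memory: the enum slot, then its neighbor. */
struct frame { enum_t type; unsigned int neighbor; };

/* An XDR enum travels as 4 big-endian bytes. */
static int32_t wire_to_host(const unsigned char w[4])
{
    return (int32_t)(((uint32_t)w[0] << 24) | ((uint32_t)w[1] << 16) |
                     ((uint32_t)w[2] << 8) | (uint32_t)w[3]);
}

/* Pre-fix shape: long-sized store at the enum's address (clamped to the frame). */
static void decode_enum_via_long(struct frame *f, const unsigned char w[4])
{
    long v = wire_to_host(w);
    size_t n = sizeof(v) < sizeof(*f) ? sizeof(v) : sizeof(*f);
    memcpy(f, &v, n);
}

/* Post-fix shape: the store is exactly int-sized. */
static void decode_enum_via_int(struct frame *f, const unsigned char w[4])
{
    int v = wire_to_host(w);
    memcpy(&f->type, &v, sizeof(v));
}

/* Decode enum value 2 and report whether the neighbor kept its value. */
int neighbor_survives(int use_long)
{
    static const unsigned char wire[4] = { 0, 0, 0, 2 };  /* constructed input */
    struct frame f = { 0, SENTINEL };
    if (use_long) decode_enum_via_long(&f, wire);
    else          decode_enum_via_int(&f, wire);
    return f.neighbor == SENTINEL;
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(long)=%zu\n", sizeof(int), sizeof(long));
    printf("via long: neighbor %s\n", neighbor_survives(1) ? "intact" : "overwritten");
    printf("via int:  neighbor %s\n", neighbor_survives(0) ? "intact" : "overwritten");
    return 0;
}
```

Where `sizeof(long) == sizeof(int)` both paths leave the neighbor intact, which is the "works by accident" case; where `long` is wider, only the int-sized store does.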