git.michaelhowe.org Git - packages/o/openafs.git/commit

]> git.michaelhowe.org Git - packages/o/openafs.git/commit

projects / packages / o / openafs.git / commit

author	Russ Allbery <rra@debian.org>
	Sun, 24 Feb 2013 22:58:11 +0000 (14:58 -0800)
committer	Russ Allbery <rra@debian.org>
	Sun, 24 Feb 2013 22:58:11 +0000 (14:58 -0800)
commit	ba1857a87fdabcce3c16ff912417083e5d9c27e0
tree	01ae458d59676ebeb00d57be1629d4ebfbb9030f	tree \| snapshot
parent	68e21f0a85c8cbaf095e41bf5313b2b0f1e37f40	commit \| diff

OpenAFS-SA-2013-0002: Buffer overflow in OpenAFS ptserver

The ptserver accepts a list of unbounded size from the IdToName RPC. The
length of this list is then used to determine the size of a number of other
internal datastructures. If the length is sufficiently large then we may
hit an integer overflow when calculating the size to pass to malloc, and
allocate data structures of insufficient length, allowing heap memory to
be overwritten.

src/ptserver/ptprocs.c

diff | blob | history

RSS Atom