git.michaelhowe.org Git - packages/o/openafs.git/commit

]> git.michaelhowe.org Git - packages/o/openafs.git/commit

projects / packages / o / openafs.git / commit

author	Russ Allbery <rra@debian.org>
	Sun, 24 Feb 2013 23:06:19 +0000 (15:06 -0800)
committer	Russ Allbery <rra@debian.org>
	Sun, 24 Feb 2013 23:06:19 +0000 (15:06 -0800)
commit	df9641f65d9b4ec349ce05e3f160a0e290650b35
tree	508a5dd6424a2dcc837163c87c78744dfb12879b	tree \| snapshot
parent	46ebb6869b87b06ad54bbdaa844a7b4e24b10914	commit \| diff

OpenAFS-SA-2013-0002: Buffer overflow in OpenAFS ptserver

The ptserver accepts a list of unbounded size from the IdToName RPC. The
length of this list is then used to determine the size of a number of other
internal datastructures. If the length is sufficiently large then we may
hit an integer overflow when calculating the size to pass to malloc, and
allocate data structures of insufficient length, allowing heap memory to
be overwritten.

src/ptserver/ptprocs.c

diff | blob | history

RSS Atom