]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d4cd578)
afs: Use correct output buffer for FSCmd pioctl
authorAndrew Deason <adeason@sinenomine.net>
Wed, 8 Jul 2015 18:20:13 +0000 (14:20 -0400)
committerDaria Brashear <shadow@your-file-system.com>
Thu, 30 Jul 2015 03:59:59 +0000 (23:59 -0400)
MRAFS added the FsCmd pioctl for passing messages to the fileserver;
a bug causes it to write into the wrong memory and potentially panic
clients.

FIXES 131896 (CVE-2015-3285)

(cherry picked from commit ef671f497e9161ec2759446d594789495d3346f1)

Change-Id: I1ee1fa7dff1d2594cfe9fab5ae0b7fc9245803de

src/afs/afs_pioctl.c patch | blob | history

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 89a56b97602806225645e0b8aec1adbea2c8164b..fe76a711ce7a749808c2b57c7dbefa7459dfdc9a 100644 (file)
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -5030,8 +5030,7 @@ DECL_PIOCTL(PFsCmd)
            if (tc) {
                RX_AFS_GUNLOCK();
                code =
-                   RXAFS_FsCmd(rxconn, Fid, Inputs,
-                                       (struct FsCmdOutputs *)aout);
+                   RXAFS_FsCmd(rxconn, Fid, Inputs, Outputs);
                RX_AFS_GLOCK();
            } else
                code = -1;