]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: baea8ed)
viced: fix get-statistics64 buffer overflow
authorMichael Meffie <mmeffie@sinenomine.net>
Sat, 15 Feb 2014 17:03:43 +0000 (12:03 -0500)
committerRuss Allbery <rra@debian.org>
Wed, 9 Apr 2014 17:56:01 +0000 (10:56 -0700)
Range check the statsVersion argument of the GetStatisitics64 RPC to
avoid a buffer overflow in the fileserver, or a huge memory allocation,
by a rogue client.

FIXES 131803

(cherry picked from commit bd2cc32da969abe57334d20563d5cddf065a905e)

Change-Id: I05b18b9f4bacd8981eafb9fe4b5aea904f88a9cc

src/viced/afsfileprocs.c patch | blob | history

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index 2d86ea9f6e3b8f3fe4cfad9fddc2db20243eaec6..465d6f1e38fcb9d21a5e90662a98ca1bfe3bf4fe 100644 (file)
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -5892,6 +5892,11 @@ SRXAFS_GetStatistics64(struct rx_call *acall, afs_int32 statsVersion, ViceStatis
     if ((code = CallPreamble(acall, NOTACTIVECALL, &tcon, &thost)))
        goto Bad_GetStatistics64;
 
+    if (statsVersion != STATS64_VERSION) {
+       code = EINVAL;
+       goto Bad_GetStatistics64;
+    }
+
     ViceLog(1, ("SAFS_GetStatistics64 Received\n"));
     Statistics->ViceStatistics64_val =
        malloc(statsVersion*sizeof(afs_int64));