+openafs (1.4.12.1+dfsg-4+squeeze3) squeeze-security; urgency=high
+
+ * Apply upstream security patches:
+ - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
+ fileserver. (CVE-2014-0159)
+ - Fix a potential DoS attack against Rx servers by avoiding suspending
+ the listener thread when delaying connection abort messages.
+
+ -- Russ Allbery <rra@debian.org> Tue, 08 Apr 2014 10:16:09 -0700
+
openafs (1.4.12.1+dfsg-4+squeeze2) squeeze-security; urgency=high
* Apply upstream security patches:
return np;
}
+/**
+ * Schedule a connection abort to be sent after some delay.
+ *
+ * @param[in] conn The connection to send the abort on.
+ * @param[in] msec The number of milliseconds to wait before sending.
+ *
+ * @pre conn_data_lock must be held
+ */
+static void
+rxi_SendConnectionAbortLater(struct rx_connection *conn, int msec)
+{
+ struct clock when, now;
+ if (!conn->error) {
+ return;
+ }
+ if (!conn->delayedAbortEvent) {
+ clock_GetTime(&now);
+ when = now;
+ clock_Addmsec(&when, msec);
+ conn->delayedAbortEvent =
+ rxevent_PostNow(&when, &now, rxi_SendDelayedConnAbort, conn, 0);
+ }
+}
+
/* Received a response to a challenge packet */
struct rx_packet *
rxi_ReceiveResponsePacket(register struct rx_connection *conn,
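Review bot: The doc comment on rxi_SendConnectionAbortLater leaves out its two silent no-op cases. It returns without scheduling anything when `conn->error` is unset, and when `conn->delayedAbortEvent` is already set the new `msec` is ignored and the pending event is kept. I would add a line such as `If an abort is already scheduled, the existing event is kept and msec is ignored.` Separately, the event posted through rxevent_PostNow stores the raw `conn` pointer and nothing visible in this hunk takes a reference. It is worth confirming that the connection cannot be freed before rxi_SendDelayedConnAbort runs, since the response-packet path now schedules it a full second out.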
error = RXS_CheckResponse(conn->securityObject, conn, np);
if (error) {
/* If the response is invalid, reset the connection, sending
- * an abort to the peer */
-#ifndef KERNEL
- rxi_Delay(1);
-#endif
+ * an abort to the peer. Send the abort with a 1 second delay,
+ * to avoid a peer hammering us by constantly recreating a
+ * connection with bad credentials. */
rxi_ConnectionError(conn, error);
MUTEX_ENTER(&conn->conn_data_lock);
- np = rxi_SendConnectionAbort(conn, np, istack, 0);
+ rxi_SendConnectionAbortLater(conn, 1000);
MUTEX_EXIT(&conn->conn_data_lock);
return np;
} else {
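Review bot: The delay in `rxi_SendConnectionAbortLater(conn, 1000);` is a bare literal whose meaning lives only in the comment above it, while the other caller passes the named `rxi_connAbortDelay`. A named constant next to `rxi_connAbortDelay` would keep the throttling interval for bad credentials easy to find and tune. Note also that the removed `rxi_Delay(1)` was compiled only when KERNEL was not defined, whereas the new delayed abort applies to both builds; the comment could say that this is intended. The body of rxi_ReceiveResponsePacket starts and ends outside this hunk.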
struct rx_packet *packet, int istack, int force)
{
afs_int32 error;
- struct clock when, now;
if (!conn->error)
return packet;
RX_PACKET_TYPE_ABORT, (char *)&error,
sizeof(error), istack);
MUTEX_ENTER(&conn->conn_data_lock);
- } else if (!conn->delayedAbortEvent) {
- clock_GetTime(&now);
- when = now;
- clock_Addmsec(&when, rxi_connAbortDelay);
- conn->delayedAbortEvent =
- rxevent_PostNow(&when, &now, rxi_SendDelayedConnAbort, conn, 0);
+ } else {
+ rxi_SendConnectionAbortLater(conn, rxi_connAbortDelay);
}
return packet;
}
#endif /* FS_STATS_DETAILED */
if ((code = CallPreamble(acall, NOTACTIVECALL, &tcon, &thost)))
goto Bad_GetStatistics64;
- if (statsVersion > STATS64_VERSION)
+ if (statsVersion != STATS64_VERSION)
goto Bad_GetStatistics64;
ViceLog(1, ("SAFS_GetStatistics64 Received\n"));
Statistics->ViceStatistics64_val =
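Review bot: The rejection branch `if (statsVersion != STATS64_VERSION) goto Bad_GetStatistics64;` is reached only after CallPreamble returned 0, so `code` is still 0 at the jump. A request with an unsupported version may therefore be reported as successful with no statistics filled in. Setting an error before the jump, for example `code = EINVAL;` inside braces ahead of the `goto`, would make the rejection visible to the client and in logs. A short comment would also help: statsVersion is supplied by the caller and is presumably used to size the buffer assigned just below, which is why only an exact match is safe. The allocation and the Bad_GetStatistics64 label are outside this hunk, so both points need confirming against the full function.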