From: Asanka Herath <asanka@secure-endpoints.com>
Date: Sun, 10 Jun 2007 06:55:42 +0000 (+0000)
Subject: DEVEL15-windows-pioctl-buffer-overrun-20070609
X-Git-Tag: openafs-devel-1_5_21~78
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=1a04da568f74c9c640d635ac0f3843da4ea441ca;p=packages%2Fo%2Fopenafs.git

DEVEL15-windows-pioctl-buffer-overrun-20070609


this patch protects against a buffer overrun in the client if the
server were to send more data than the receiving buffer can hold.


(cherry picked from commit 8a814a5596e9d8db1c24326715f794ae46966b3b)
---

diff --git a/src/sys/pioctl_nt.c b/src/sys/pioctl_nt.c
index 05486c713..8f2b940d3 100644
--- a/src/sys/pioctl_nt.c
+++ b/src/sys/pioctl_nt.c
@@ -991,6 +991,10 @@ pioctl(char *pathp, long opcode, struct ViceIoctl *blobp, int follow)
 
     MarshallString(&preq, fullPath);
     if (blobp->in_size) {
+        if (blobp->in_size > sizeof(preq.data) - (preq.mp - preq.data)*sizeof(char)) {
+            errno = E2BIG;
+            return -1;
+        }
 	memcpy(preq.mp, blobp->in, blobp->in_size);
 	preq.mp += blobp->in_size;
     }