From: Nickolai Zeldovich <kolya@mit.edu>
Date: Fri, 16 Mar 2001 03:35:07 +0000 (+0000)
Subject: do-bounds-checking-in-psetvolumestatus-20010315
X-Git-Tag: BP-openafs-devel-autoconf~25
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=54b7292a4499106f956a4449c620466f64303498;p=packages%2Fo%2Fopenafs.git

do-bounds-checking-in-psetvolumestatus-20010315


Previously it was possible to overflow the variables used to construct a
SetVolumeStatus call
---

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index d4d00375e..2044147c5 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1502,10 +1502,16 @@ static PSetVolumeStatus(avc, afun, areq, ain, aout, ainSize, aoutSize)
     cp = ain;
     bcopy(cp, (char *)&volstat, sizeof(AFSFetchVolumeStatus));
     cp += sizeof(AFSFetchVolumeStatus);
+    if (strlen(cp) >= sizeof(volName))
+	return E2BIG;
     strcpy(volName, cp);
     cp += strlen(volName)+1;
+    if (strlen(cp) >= sizeof(offLineMsg))
+	return E2BIG;
     strcpy(offLineMsg, cp);
     cp +=  strlen(offLineMsg)+1;
+    if (strlen(cp) >= sizeof(motd))
+	return E2BIG;
     strcpy(motd, cp);
     storeStat.Mask = 0;
     if (volstat.MinQuota != -1) {