From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Thu, 26 Aug 2010 15:33:43 +0000 (-0400)
Subject: Windows: Add validation for directory buffer contents
X-Git-Tag: upstream/1.8.0_pre1^2~4855
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=72584be7fb0b6eb01ca5cb9c0703e9bc1b92f547;p=packages%2Fo%2Fopenafs.git

Windows: Add validation for directory buffer contents

If the directory buffer contents are garbage we can crash
the service.  Add some simple validation checks to ensure
that cm_dirEntry_t objects have the correct flag value and
that the name strings are not too long.

LICENSE BSD

Change-Id: If4a276007ff7a21a641825037a1035ea20db79c5
Reviewed-on: http://gerrit.openafs.org/2658
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
---

diff --git a/src/WINNT/afsd/cm_vnodeops.c b/src/WINNT/afsd/cm_vnodeops.c
index ba8088989..e7b4312e2 100644
--- a/src/WINNT/afsd/cm_vnodeops.c
+++ b/src/WINNT/afsd/cm_vnodeops.c
@@ -671,6 +671,15 @@ long cm_ApplyDir(cm_scache_t *scp, cm_DirFuncp_t funcp, void *parmp,
         tp = bufferp->datap + entryInBuffer;
         dep = (cm_dirEntry_t *) tp;	/* now points to AFS3 dir entry */
 
+        /*
+         * here are some consistency checks
+         */
+        if (dep->flag != CM_DIR_FFIRST ||
+            strlen(dep->name) > 256) {
+            code = CM_ERROR_INVAL;
+            break;
+        }
+
         /* while we're here, compute the next entry's location, too,
          * since we'll need it when writing out the cookie into the
          * dir listing stream.