From: Andrew Deason
Date: Tue, 12 Mar 2013 14:51:39 +0000 (-0500)
Subject: ptserver: Limit length on namelist, idlist
X-Git-Tag: upstream/1.8.0_pre1^2~403
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=a0ffea098d8c5c5b46c6bf86a12d28d6e7096685;p=packages%2Fo%2Fopenafs.git

ptserver: Limit length on namelist, idlist

namelist and idlist are used as IN parameters to ptserver RPCs that can be issued by unauthenticated clients. Not having a length limit on them means anyone can use up a ton of ptserver memory by just issuing those RPCs with a very large length. So, put a limit on them.

PR_MAXLIST is a constant that already exists, but is small enough to potentially limit real use, so define a new OpenAFS-internal value for this purpose.

prlist and prentries are returned from the ptserver to clients, so also limit them in the same way.

Change-Id: Iaf45639bbae401093354adbfb4daa172fe97ede1
Reviewed-on: http://gerrit.openafs.org/9588
Tested-by: BuildBot
Reviewed-by: Daria Brashear
---
diff --git a/src/ptserver/ptint.xg b/src/ptserver/ptint.xg index e8ac46890..100231dc0 100644 --- a/src/ptserver/ptint.xg +++ b/src/ptserver/ptint.xg @@ -102,11 +102,15 @@ const PRUPDATE_IDHASH = 0x0010; %#define PR_SF_NGROUPS (1u<<31) /* set field limiting group creation */ %#define PR_SF_NUSERS (1u<<30) /* " " foreign users " */ +/* OpenAFS implementation limit. This limit can be modified in future releases + * and does not need to match the limis applied by other implementations. */ +const OPENAFS_MAXPRLIST=50000; + typedef char prname[PR_MAXNAMELEN]; -typedef prname namelist<>; -typedef afs_int32 idlist<>; -typedef afs_int32 prlist<>; -typedef prlistentries prentries<>; +typedef prname namelist; +typedef afs_int32 idlist; +typedef afs_int32 prlist; +typedef prlistentries prentries; INewEntry( IN string name,
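
Review bot: In the four replacement typedefs at the end of the hunk, no bound is visible: as shown here they read `typedef prname namelist;`, `typedef afs_int32 idlist;` and so on, with the `<>` dropped and `OPENAFS_MAXPRLIST` never referenced, so on the lines displayed the new constant limits nothing. If the cap is meant to apply, each typedef needs the constant inside the angle brackets, e.g. `typedef prname namelist<OPENAFS_MAXPRLIST>;`. Please confirm against the committed ptint.xg, since the bound may simply have been lost when the page was rendered. Two smaller points on the added comment: "limis" should be "limits", and it would help to say there that the same cap also covers the OUT types prlist and prentries, and what a caller should expect when a reply would exceed 50000 entries.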