From: Michael Meffie <mmeffie@sinenomine.net>
Date: Sat, 15 Feb 2014 17:03:43 +0000 (-0500)
Subject: viced: fix get-statistics64 buffer overflow
X-Git-Tag: upstream/1.6.7^2~2
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=cde152658dcf5ee31293ed75b9a6cfaf8192f320;p=packages%2Fo%2Fopenafs.git

viced: fix get-statistics64 buffer overflow

Range check the statsVersion argument of the GetStatisitics64 RPC to
avoid a buffer overflow in the fileserver, or a huge memory allocation,
by a rogue client.

FIXES 131803

(cherry picked from commit bd2cc32da969abe57334d20563d5cddf065a905e)

Change-Id: I05b18b9f4bacd8981eafb9fe4b5aea904f88a9cc
---

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index 2d86ea9f6..465d6f1e3 100644
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -5892,6 +5892,11 @@ SRXAFS_GetStatistics64(struct rx_call *acall, afs_int32 statsVersion, ViceStatis
     if ((code = CallPreamble(acall, NOTACTIVECALL, &tcon, &thost)))
 	goto Bad_GetStatistics64;
 
+    if (statsVersion != STATS64_VERSION) {
+	code = EINVAL;
+	goto Bad_GetStatistics64;
+    }
+
     ViceLog(1, ("SAFS_GetStatistics64 Received\n"));
     Statistics->ViceStatistics64_val =
 	malloc(statsVersion*sizeof(afs_int64));