From: Jeffrey Altman Date: Thu, 15 Apr 2004 00:26:13 +0000 (+0000) Subject: ticket-1241-20040414 X-Git-Tag: openafs-devel-1_3_64~64 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=f8ed1111d76bbf36a466036ff74b44e1425be8bd;p=packages%2Fo%2Fopenafs.git ticket-1241-20040414 FIXES 1241 Modify buffer allocation to support tokens up to MAXPIOCTLTOKENLEN (3*sizeof(afs_int32)+MAXKTCTICKETLEN+sizeof(struct ClearToken)+MAXKTCREALMLEN) in length.
---
diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index b76e61e64..56824499d 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1049,6 +1049,8 @@ afs_syscall_pioctl(path, com, cmarg, follow)
 #endif
 }
+#define MAXPIOCTLTOKENLEN \
+(3*sizeof(afs_int32)+MAXKTCTICKETLEN+sizeof(struct ClearToken)+MAXKTCREALMLEN)
 int
 afs_HandlePioctl(struct vnode *avp, afs_int32 acom,
@@ -1059,7 +1061,7 @@ afs_HandlePioctl(struct vnode *avp, afs_int32 acom,
 struct vrequest treq;
 register afs_int32 code;
 register afs_int32 function, device;
- afs_int32 inSize, outSize;
+ afs_int32 inSize, outSize, outSizeMax;
 char *inData, *outData;
 int (*(*pioctlSw)) ();
 int pioctlSwSize;
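Review bot: `MAXPIOCTLTOKENLEN` is defined here in src/afs/afs_pioctl.c and again, character for character, in the src/auth/ktc.c hunk at -264, so the kernel-side limit and the user-space buffer size can drift apart if only one copy is edited later. A single definition in a shared header would remove that risk; failing that, each copy should carry a comment such as `/* Max size of a pioctl token blob; keep in sync with src/auth/ktc.c */`. The expression has type `size_t`, so the later `inSize >= MAXPIOCTLTOKENLEN` compares a signed `afs_int32` with an unsigned value; the explicit `inSize < 0` test in that condition states the intent and should stay.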
@@ -1101,37 +1103,66 @@ afs_HandlePioctl(struct vnode *avp, afs_int32 acom,
 inSize = ablob->in_size; /* Do all range checking before continuing */
- if (inSize >= PIGGYSIZE || inSize < 0 || ablob->out_size < 0)
+ if (inSize >= MAXPIOCTLTOKENLEN || inSize < 0 || ablob->out_size < 0)
 return E2BIG;
- inData = osi_AllocLargeSpace(AFS_LRALLOCSIZ);
+ if (inSize > AFS_LRALLOCSIZE) {
+ inData = osi_AllocLargeSpace(inSize+1);
+ } else {
+ inData = osi_AllocLargeSpace(AFS_LRALLOCSIZ);
+ }
+ if (!inData)
+ return ENOMEM;
 if (inSize > 0) {
 AFS_COPYIN(ablob->in, inData, inSize, code);
 inData[inSize] = '\0';
 } else code = 0;
 if (code) {
- osi_FreeLargeSpace(inData);
- afs_PutFakeStat(&fakestate);
- return code;
+ if (inSize > AFS_LRALLOCSIZ) {
+ osi_Free(inData, inSize+1);
+ } else {
+ osi_FreeLargeSpace(inData);
+ }
+ afs_PutFakeStat(&fakestate);
+ return code;
+ }
+ if (function == 8 && device == 'V') { /* PGetTokens */
+ outSizeMax = MAXPIOCTLTOKENLEN;
+ outData = osi_Alloc(outSizeMax);
+ } else {
+ outSizeMax = AFS_LRALLOCSIZ;
+ outData = osi_AllocLargeSpace(AFS_LRALLOCSIZ);
+ }
+ if (!outData) {
+ if (inSize > AFS_LRALLOCSIZ) {
+ osi_Free(inData, inSize+1);
+ } else {
+ osi_FreeLargeSpace(inData);
+ }
+ return ENOMEM;
 }
- outData = osi_AllocLargeSpace(AFS_LRALLOCSIZ);
 outSize = 0;
 code = (*pioctlSw[function]) (avc, function, &treq, inData, outData, inSize, &outSize, acred);
- osi_FreeLargeSpace(inData);
+ if (inSize > AFS_LRALLOCSIZ) {
+ osi_Free(inData, inSize+1);
+ } else {
+ osi_FreeLargeSpace(inData);
+ }
 if (code == 0 && ablob->out_size > 0) {
- if (outSize > ablob->out_size)
- outSize = ablob->out_size;
- if (outSize >= PIGGYSIZE)
- code = E2BIG;
- else if (outSize) {
- outData[outSize] = '\0';
- AFS_COPYOUT(outData, ablob->out, outSize, code);
- }
+ if (outSize > ablob->out_size) {
+ code = E2BIG; /* data wont fit in user buffer */
+ } else if (outSize) {
+ AFS_COPYOUT(outData, ablob->out, outSize, code);
+ }
+ }
+ if (outSizeMax > AFS_LRALLOCSIZ) {
+ osi_Free(outData, outSizeMax);
+ } else {
+ osi_FreeLargeSpace(outData);
 }
- osi_FreeLargeSpace(outData);
 afs_PutFakeStat(&fakestate);
 return afs_CheckCode(code, &treq, 41);
 }
diff --git a/src/auth/ktc.c b/src/auth/ktc.c
index 5308f64dd..d1c22b58a 100644
--- a/src/auth/ktc.c
+++ b/src/auth/ktc.c
@@ -264,6 +264,9 @@ NewSetToken(aserver, atoken, aclient, flags)
 return EINVAL;
 }
+#define MAXPIOCTLTOKENLEN \
+(3*sizeof(afs_int32)+MAXKTCTICKETLEN+sizeof(struct ClearToken)+MAXKTCREALMLEN)
+
 static int
 OldSetToken(aserver, atoken, aclient, flags)
 struct ktc_principal *aserver, *aclient;
@@ -271,7 +274,7 @@ OldSetToken(aserver, atoken, aclient, flags)
 afs_int32 flags;
 {
 struct ViceIoctl iob;
- char tbuffer[1024];
+ char tbuffer[MAXPIOCTLTOKENLEN];
 register char *tp;
 struct ClearToken ct;
 register afs_int32 code;
@@ -488,7 +491,7 @@ ktc_GetToken(aserver, atoken, atokenLen, aclient)
 struct ktc_token *atoken;
 {
 struct ViceIoctl iob;
- char tbuffer[1024];
+ char tbuffer[MAXPIOCTLTOKENLEN];
 register afs_int32 code;
 int index;
 char *stp, *cellp; /* secret token ptr */
@@ -679,7 +682,7 @@ ktc_ListTokens(aprevIndex, aindex, aserver)
 struct ktc_principal *aserver;
 {
 struct ViceIoctl iob;
- char tbuffer[1024];
+ char tbuffer[MAXPIOCTLTOKENLEN];
 register afs_int32 code;
 register char *tp;
 afs_int32 temp, index;
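Review bot: An `inSize` exactly equal to `AFS_LRALLOCSIZ` takes the small-buffer branch in the -1101 hunk, and the unchanged `inData[inSize] = '\0';` then writes one byte past a buffer requested as `AFS_LRALLOCSIZ` bytes (assuming `osi_AllocLargeSpace` hands back exactly that much), a case the old `PIGGYSIZE` limit no longer screens out. The branch test should read `if (inSize >= AFS_LRALLOCSIZ) {` at the allocation and at all three free sites, which also removes the `AFS_LRALLOCSIZE` spelling that differs from every other use in the hunk, and the large branch should allocate with `inData = osi_Alloc(inSize+1);` so that it pairs with `osi_Free` the way `outData` does. The two new `return ENOMEM` exits leave without `afs_PutFakeStat(&fakestate)`, which the copy-in failure path a few lines later does call; whether `fakestate` already needs releasing at that point is not visible here and should be confirmed. With the `outSize >= PIGGYSIZE` test removed, nothing compares `outSize` with `outSizeMax` before `AFS_COPYOUT`, so a guard such as `if (outSize > outSizeMax) code = E2BIG;` would stop a handler that over-reports its length from causing a copy-out beyond `outData`. The start of `afs_HandlePioctl` lies outside this hunk.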
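Review bot: In `OldSetToken`, `ktc_GetToken` and `ktc_ListTokens` (hunks -271, -488 and -679) only the declaration of `tbuffer` changes; the lines that fill `iob` and bound the copies into and out of `tbuffer` are outside these hunks, so any of them still written with a literal 1024 rather than `sizeof(tbuffer)` would keep the old limit in force or disagree with the new size. Each function now also places a `MAXPIOCTLTOKENLEN`-byte array on the stack, and a comment at the declaration, for example `/* sized to the largest token blob the pioctl interface accepts */`, would record why the buffer is that large.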