From 61e58102e3bc109eac280323867b9b25d1870859 Mon Sep 17 00:00:00 2001 From: Michael Meffie Date: Sat, 15 Feb 2014 12:03:43 -0500 Subject: [PATCH] viced: fix get-statistics64 buffer overflow Range check the statsVersion argument of the GetStatisitics64 RPC to avoid a buffer overflow in the fileserver, or a huge memory allocation, by a rogue client. FIXES 131803 (cherry picked from commit bd2cc32da969abe57334d20563d5cddf065a905e) Change-Id: I05b18b9f4bacd8981eafb9fe4b5aea904f88a9cc --- src/viced/afsfileprocs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c index 2d86ea9f6..465d6f1e3 100644 --- a/src/viced/afsfileprocs.c +++ b/src/viced/afsfileprocs.c @@ -5892,6 +5892,11 @@ SRXAFS_GetStatistics64(struct rx_call *acall, afs_int32 statsVersion, ViceStatis if ((code = CallPreamble(acall, NOTACTIVECALL, &tcon, &thost))) goto Bad_GetStatistics64; + if (statsVersion != STATS64_VERSION) { + code = EINVAL; + goto Bad_GetStatistics64; + } + ViceLog(1, ("SAFS_GetStatistics64 Received\n")); Statistics->ViceStatistics64_val = malloc(statsVersion*sizeof(afs_int64)); -- 2.39.5