From 639ee571a7953a80e156789a0494d7979681134f Mon Sep 17 00:00:00 2001 From: Stephan Wiesand Date: Fri, 6 Sep 2019 13:35:02 +0200 Subject: [PATCH] ptserver: Increase length limit of namelist, idlist, prlist, prentries An implementation limit of those lists was introduced in commit a0ffea098d8c5c5b46c6bf86a12d28d6e7096685 to prevent using unlimited amounts of memory in ptserver and the client. Subsequent reports indicate that the chosen limits are small enough to restrict functionality currently in use at some sites where membership lists exceed the current limit. Since this is just an implementation- defined limit and can freely change from release to release, increase the threshold by an order of magnitude to preserve functionality for existing deployments while still retaining some protection against attacker-controlled excessive memory allocation. Reviewed-on: https://gerrit.openafs.org/13838 Reviewed-by: Michael Meffie Reviewed-by: Andrew Deason Tested-by: Andrew Deason Reviewed-by: Benjamin Kaduk (cherry picked from commit d1e90b82ebb2685cbac3ecb3fd99136328b35357) Change-Id: Ifa229179ad6d2962a8d49df6abd1add94fad7259 Reviewed-on: https://gerrit.openafs.org/13844 Reviewed-by: Michael Meffie Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Stephan Wiesand --- src/ptserver/ptint.xg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ptserver/ptint.xg b/src/ptserver/ptint.xg index 100231dc0..fba32ccf1 100644 --- a/src/ptserver/ptint.xg +++ b/src/ptserver/ptint.xg @@ -103,8 +103,8 @@ const PRUPDATE_IDHASH = 0x0010; %#define PR_SF_NUSERS (1u<<30) /* " " foreign users " */ /* OpenAFS implementation limit. This limit can be modified in future releases - * and does not need to match the limis applied by other implementations. */ -const OPENAFS_MAXPRLIST=50000; + * and does not need to match the limits applied by other implementations. */ +const OPENAFS_MAXPRLIST=500000; typedef char prname[PR_MAXNAMELEN]; typedef prname namelist; -- 2.39.5