From bd2cc32da969abe57334d20563d5cddf065a905e Mon Sep 17 00:00:00 2001
From: Michael Meffie
Date: Sat, 15 Feb 2014 12:03:43 -0500
Subject: [PATCH] viced: fix get-statistics64 buffer overflow

Range check the statsVersion argument of the GetStatisitics64 RPC to avoid a buffer overflow in the fileserver, or a huge memory allocation, by a rogue client.

FIXES 131803

Change-Id: Ib084ca28cbe350d846fa5978d489e523aaae299b
---
 src/viced/afsfileprocs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index 76e7ff1ad..3d1d50434 100644
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -5122,6 +5122,11 @@ SRXAFS_GetStatistics64(struct rx_call *acall, afs_int32 statsVersion, ViceStatis
 if ((code = CallPreamble(acall, NOTACTIVECALL, NULL, &tcon, &thost))) goto Bad_GetStatistics64;
+ if (statsVersion != STATS64_VERSION) {
+ code = EINVAL;
+ goto Bad_GetStatistics64;
+ }
+
 ViceLog(1, ("SAFS_GetStatistics64 Received\n"));
 Statistics->ViceStatistics64_val = malloc(statsVersion*sizeof(afs_uint64));
-- 
2.39.5
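Review bot: The allocation below the new guard still sizes the buffer from the client-supplied `statsVersion`, and the lines shown do not check its result. With the value now pinned, `Statistics->ViceStatistics64_val = calloc(STATS64_VERSION, sizeof(afs_uint64));` would keep the size independent of the RPC argument if the guard is ever relaxed, and a NULL result should set `code = ENOMEM;` and take the same `goto Bad_GetStatistics64;` (a check may already exist below the hunk, which ends at the malloc). The guard also sits ahead of the `ViceLog(1, ...)` line, so a rejected call leaves no trace in the log; a line in the reject branch such as `ViceLog(1, ("SAFS_GetStatistics64: bad statsVersion %d\n", statsVersion));` would let operators spot a misbehaving client. The body of SRXAFS_GetStatistics64 starts and ends outside the hunk.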