From e03c2ab0067f73ee9172f8dc0fe6efcf5852677e Mon Sep 17 00:00:00 2001
From: Nickolai Zeldovich <kolya@mit.edu>
Date: Mon, 23 Apr 2001 04:36:17 +0000
Subject: [PATCH] STABLE10-do-bounds-checking-in-psetvolumestatus-20010422

Previously it was possible to overflow the variables used to construct a
SetVolumeStatus call
---
 src/afs/afs_pioctl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index d4d00375e..2044147c5 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1502,10 +1502,16 @@ static PSetVolumeStatus(avc, afun, areq, ain, aout, ainSize, aoutSize)
     cp = ain;
     bcopy(cp, (char *)&volstat, sizeof(AFSFetchVolumeStatus));
     cp += sizeof(AFSFetchVolumeStatus);
+    if (strlen(cp) >= sizeof(volName))
+	return E2BIG;
     strcpy(volName, cp);
     cp += strlen(volName)+1;
+    if (strlen(cp) >= sizeof(offLineMsg))
+	return E2BIG;
     strcpy(offLineMsg, cp);
     cp +=  strlen(offLineMsg)+1;
+    if (strlen(cp) >= sizeof(motd))
+	return E2BIG;
     strcpy(motd, cp);
     storeStat.Mask = 0;
     if (volstat.MinQuota != -1) {
-- 
2.39.5