OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63

[Gerrit Code Review]

The following commit has been merged in the openafs-stable-1_6_x branch:
commit 35240e33317658a396cd3da994b5d20a71f4abc3
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Fri Jul 6 01:09:53 2018 -0400

    OPENAFS-SA-2018-003 volser: prevent unbounded input to AFSVolForwardMultiple
    
    AFSVolForwardMultiple is defined with an input parameter that is defined
    to XDR as an unbounded array of replica structs:
      typedef replica manyDests<>;
    
    RPCs with unbounded arrays as inputs are susceptible to remote
    denial-of-service (DOS) attacks.  A malicious client may submit an
    AFSVolForwardMultiple request with an arbitrarily large array, forcing
    the volserver to expend large amounts of network bandwidth, cpu cycles,
    and heap memory to unmarshal the input.
    
    Even though AFSVolForwardMultiple requires superuser authorization, this
    attack is exploitable by non-authorized actors because XDR unmarshalling
    happens long before any authorization checks can occur.
    
    Add a bounding constant (NMAXNSERVERS 13) to the manyDests input array.
    This constant is derived from the current OpenAFS vldb implementation, which
    is limited to 13 replica sites for a given volume by the layout (size) of the
    serverNumber, serverPartition, and serverFlags fields.
    
    [kaduk@mit.edu: explain why this constant is used]
    
    (cherry picked from commit 97b0ee4d9c9d069e78af2e046c7987aa4d3f9844)
    
    (cherry picked from commit fac3749f0d180e0ca229326c0e8568a60e17d3e9)
    
    (cherry picked from commit ea30e64d1b2153f51a83069f3471356553a27a2b)
    
    Change-Id: Ib2e5d4cc660e0a278b9dbd10ac2db656239e1302

 src/volser/volint.xg |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

-- 
OpenAFS Master Repository