OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_9-79-g1174e0a

Gerrit Code Review gerrit@openafs.org
Thu, 26 Jun 2014 05:28:46 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit 1174e0a6adcc4cfe7719e7090d75b4eda855998d
Author: Anders Kaseorg <andersk@mit.edu>
Date:   Sun May 4 05:30:25 2014 -0400

    Fix buffer length validation in ktc_GetToken and knfs
    
    The signed int tktLen is checked against a maximum size, then passed
    as the unsigned size_t argument to memcpy.  So we need to make sure it
    isn’t negative.
    
    This doesn’t appear to be exploitable: tktLen comes from the kernel,
    which should have previously validated the length within the SETTOK
    pioctl.
    
    This bug was found with STACK <http://css.csail.mit.edu/stack/>.
    
    Signed-off-by: Anders Kaseorg <andersk@mit.edu>
    Reviewed-on: http://gerrit.openafs.org/11109
    Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
    (cherry picked from commit 9c10c202f1f2e516dde8b70c3a3b69a73d163070)
    
    Change-Id: Id8dacdc00fd686d4f2ff234ffd6c8f5346d9e7b0
    Reviewed-on: http://gerrit.openafs.org/11112
    Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
    Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Anders Kaseorg <andersk@mit.edu>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

 src/auth/ktc.c   |    2 +-
 src/kauth/knfs.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

-- 
OpenAFS Master Repository
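
The signed-length pitfall described in the commit message above, shown as an added C example. It is not the OpenAFS source or the committed diff. MAX_TICKET_LEN and all function names are hypothetical; the example shows why an upper-bound-only check on a signed int is insufficient before memcpy, next to a check that also enforces the lower bound.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TICKET_LEN 64 /* hypothetical bound, not the OpenAFS constant */

/* Upper-bound-only check on a signed length: the pattern the commit
 * message describes. Returns 1 when the length would be accepted. */
static int len_ok_upper_only(int tktLen)
{
    return tktLen <= MAX_TICKET_LEN;
}

/* Same check with the lower bound added. */
static int len_ok_both_bounds(int tktLen)
{
    return tktLen >= 0 && tktLen <= MAX_TICKET_LEN;
}

/* The byte count memcpy would receive: int converted to size_t. */
static size_t as_memcpy_count(int tktLen)
{
    return (size_t)tktLen;
}

/* Hardened copy: rejects negative, oversized, and destination-overflowing
 * lengths before touching dst. Returns 0 on success, -1 on rejection. */
static int copy_ticket(char *dst, size_t dstsize, const char *src, int tktLen)
{
    if (tktLen < 0 || tktLen > MAX_TICKET_LEN || (size_t)tktLen > dstsize)
        return -1;
    memcpy(dst, src, (size_t)tktLen);
    return 0;
}

int main(void)
{
    int bad = -1; /* constructed input: a negative length */
    char dst[MAX_TICKET_LEN];
    const char src[MAX_TICKET_LEN] = "ticket";

    printf("upper-only check accepts %d: %d\n", bad, len_ok_upper_only(bad));
    printf("memcpy would be asked for %zu bytes\n", as_memcpy_count(bad));
    printf("two-sided check accepts %d: %d\n", bad, len_ok_both_bounds(bad));
    printf("copy_ticket(len=%d) -> %d\n", bad, copy_ticket(dst, sizeof dst, src, bad));
    printf("copy_ticket(len=6) -> %d\n", copy_ticket(dst, sizeof dst, src, 6));
    return 0;
}
```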