OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_9-79-g1174e0a

Gerrit Code Review
Thu, 26 Jun 2014 05:28:46 -0400

The following commit has been merged in the openafs-stable-1_6_x branch:
commit 1174e0a6adcc4cfe7719e7090d75b4eda855998d
Author: Anders Kaseorg <>
Date:   Sun May 4 05:30:25 2014 -0400

    Fix buffer length validation in ktc_GetToken and knfs
    The signed int tktLen is checked against a maximum size, then passed
    as the unsigned size_t argument to memcpy.  So we need to make sure it
    isn’t negative.
    This doesn’t appear to be exploitable: tktLen comes from the kernel,
    which should have previously validated the length within the SETTOK
    This bug was found with STACK <>.
    Signed-off-by: Anders Kaseorg <>
    Reviewed-by: Chas Williams - CONTRACTOR <>
    Tested-by: BuildBot <>
    Reviewed-by: Jeffrey Altman <>
    (cherry picked from commit 9c10c202f1f2e516dde8b70c3a3b69a73d163070)
    Change-Id: Id8dacdc00fd686d4f2ff234ffd6c8f5346d9e7b0
    Reviewed-by: Perry Ruiter <>
    Reviewed-by: Chas Williams - CONTRACTOR <>
    Tested-by: BuildBot <>
    Reviewed-by: Anders Kaseorg <>
    Reviewed-by: Stephan Wiesand <>

 src/auth/ktc.c   |    2 +-
 src/kauth/knfs.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

OpenAFS Master Repository