OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_13-3-g60be338

Gerrit Code Review gerrit@openafs.org
Thu, 13 Aug 2015 08:45:12 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit 60be338c2de58f2a33c64bdb41c006574ba7fd0e
Author: Jeffrey Altman <jaltman@your-file-system.com>
Date:   Sat Aug 1 09:32:35 2015 -0400

    vlserver: ListAttributesN2 volume name safety
    
    The vlserver ListAttributesN2 RPC permits filtering the result set
    by volume name in addition to by site or volume id.
    
    Two issues identified by Andrew Deason (Sine Nomine Associates) are
    addressed by this patch.  First, the size of the volumename[] buffer
    is insufficient to store the valid input read over the network.  The
    buffer needs to be able to store VL_MAXNAMELEN characters of the volume
    name, two characters for the regular expression '^' and '$', and the
    trailing NUL.
    
    Second, sprintf() is used to write to the buffer and even with valid
    input from the caller SVL_ListAttributesN2 can overflow the buffer
    when ".backup" and ".readonly" are appended to the volume name.  If
    there is an overflow the search name is invalid and there can not be
    a valid match.
    
    This patch increases the size of volumename[] to VL_MAXNAMELEN+3.
    
    It also uses snprintf() instead of sprintf() and performs error
    checking.  The error VL_BADNAME is returned when the network input is
    invalid.
    
    Reviewed-on: http://gerrit.openafs.org/11969
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Nathaniel Filardo <nwfilardo@gmail.com>
    Reviewed-by: Daria Brashear <shadow@your-file-system.com>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    (cherry picked from commit c9f430fd8f479bbfe28829f7032ecd325a4f833d)
    
    Change-Id: I1b48cc8ed1a52afc36465f2fbd5bfd5345e90c41
    Reviewed-on: http://gerrit.openafs.org/11976
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    Tested-by: Benjamin Kaduk <kaduk@mit.edu>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

 src/vlserver/vlprocs.c |   33 +++++++++++++++++++++++++++------
 1 files changed, 27 insertions(+), 6 deletions(-)

-- 
OpenAFS Master Repository
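
The bounded-formatting pattern the commit message describes, shown as an added example that is not part of the original mail or the OpenAFS source. The helper names, the value of VL_MAXNAMELEN and the value of VL_BADNAME are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VL_MAXNAMELEN 65   /* assumed value for this example */
#define VL_BADNAME    1    /* placeholder, not the real error code */

/* Hypothetical helper: anchor a volume name as "^name$" for regex matching.
 * The caller's buffer must hold VL_MAXNAMELEN name characters plus '^',
 * '$' and the trailing NUL, i.e. VL_MAXNAMELEN + 3 bytes. */
static int build_anchored_name(char *out, size_t outlen, const char *name)
{
    int n = snprintf(out, outlen, "^%s$", name);
    /* snprintf returns the length it needed; n >= outlen means truncation */
    if (n < 0 || (size_t)n >= outlen)
        return VL_BADNAME;
    return 0;
}

/* Hypothetical helper: form "name.backup" or "name.readonly" for comparison.
 * A truncated result cannot match a valid entry, so it is reported as an
 * error instead of being searched for. */
static int build_suffixed_name(char *out, size_t outlen,
                               const char *name, const char *suffix)
{
    int n = snprintf(out, outlen, "%s%s", name, suffix);
    if (n < 0 || (size_t)n >= outlen)
        return VL_BADNAME;
    return 0;
}

int main(void)
{
    char volumename[VL_MAXNAMELEN + 3];
    char longname[VL_MAXNAMELEN + 1];      /* constructed input */

    memset(longname, 'a', VL_MAXNAMELEN);  /* VL_MAXNAMELEN characters */
    longname[VL_MAXNAMELEN] = '\0';

    printf("anchored max-length name: %d\n",
           build_anchored_name(volumename, sizeof(volumename), longname));
    printf("max-length name + .readonly: %d\n",
           build_suffixed_name(volumename, sizeof(volumename),
                               longname, ".readonly"));
    return 0;
}
```

With a buffer of only VL_MAXNAMELEN bytes the first call also fails, which is the undersized-buffer case the commit message lists first.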