OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_22_2-73-g0cdb370
Gerrit Code Review
gerrit@openafs.org
Tue, 11 Sep 2018 15:00:58 -0400
The following commit has been merged in the openafs-stable-1_6_x branch:
commit 39b675e243be70237ba9460b49b461c128aedffd
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Fri Jul 6 03:21:26 2018 -0400
OPENAFS-SA-2018-003 volser: prevent unbounded input to various AFSVol* RPCs
Several AFSVol* RPCs are defined with an unbounded XDR "string" as
input.
RPCs with unbounded arrays as inputs are susceptible to remote
denial-of-service (DOS) attacks. A malicious client may submit an
AFSVol* request with an arbitrarily large string, forcing the volserver
to expend large amounts of network bandwidth, cpu cycles, and heap
memory to unmarshal the input.
Instead, give each input "string" an appropriate size.
Volume names are inherently capped to 32 octets (including trailing NUL)
by the protocol, but there is less clearly a hard limit on partition names.
The Vol_PartitionInfo{,64} functions accept a partition name as input and
also return a partition name in the output structure; the output values
have wire-protocol limits, so larger values could not be retrieved by clients,
but for denial-of-service purposes, a more generic PATH_MAX-like value seems
appropriate. We have several varying sources of such a limit in the tree, but
pick 4k as the least-restrictive.
[kaduk@mit.edu: use a larger limit for pathnames and expand on PATH_MAX in
commit message]
(cherry picked from commit 8b92d015ccdfcb70c7acfc38e330a0475a1fbe28)
(cherry picked from commit fe41fa565be6e325da75f3e9b8fbdac2c521b027)
Change-Id: I0ba32b30d260e0e1f66cad0f383441a446f7b7bc
src/volser/volint.xg | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
--
OpenAFS Master Repository