OpenAFS Master Repository branch, master, updated. BP-openafs-stable-1_8_x-220-gd5816fd

Gerrit Code Review gerrit@openafs.org
Tue, 11 Sep 2018 15:01:03 -0400


The following commit has been merged in the master branch:
commit 8b92d015ccdfcb70c7acfc38e330a0475a1fbe28
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Fri Jul 6 03:21:26 2018 -0400

    OPENAFS-SA-2018-003 volser: prevent unbounded input to various AFSVol* RPCs
    
    Several AFSVol* RPCs are defined with an unbounded XDR "string" as
    input.
    
    RPCs with unbounded arrays as inputs are susceptible to remote
    denial-of-service (DOS) attacks.  A malicious client may submit an
    AFSVol* request with an arbitrarily large string, forcing the volserver
    to expend large amounts of network bandwidth, cpu cycles, and heap
    memory to unmarshal the input.
    
    Instead, give each input "string" an appropriate size.
    Volume names are inherently capped to 32 octets (including trailing NUL)
    by the protocol, but there is less clearly a hard limit on partition names.
    The Vol_PartitionInfo{,64} functions accept a partition name as input and
    also return a partition name in the output structure; the output values
    have wire-protocol limits, so larger values could not be retrieved by clients,
    but for denial-of-service purposes, a more generic PATH_MAX-like value seems
    appropriate.  We have several varying sources of such a limit in the tree, but
    pick 4k as the least-restrictive.
    
    [kaduk@mit.edu: use a larger limit for pathnames and expand on PATH_MAX in
    commit message]
    
    Change-Id: Iea4b24d1bb3570d4c422dd0c3247cd38cdbf4bab

 src/volser/volint.xg |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

-- 
OpenAFS Master Repository