OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63

Gerrit Code Review gerrit@openafs.org
Fri, 14 Sep 2018 09:13:47 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit 187cf8717cb983eeabb919b2ac189fa5505c369c
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Fri Jul 6 03:14:19 2018 -0400

    OPENAFS-SA-2018-003 rxgen: prevent unbounded input arrays
    
    RPCs with unbounded arrays as inputs are susceptible to remote
    denial-of-service (DOS) attacks.  A malicious client may submit an RPC
    request with an arbitrarily large array, forcing the server to expend
    large amounts of network bandwidth, cpu cycles, and heap memory to
    unmarshal the input.
    
    Instead, issue an error message and stop rxgen when it detects an RPC
    defined with an unbounded input array.  Thus we will detect the problem
    at build time and prevent any future unbounded input arrays.
    
    (cherry picked from commit a4c1d5c48deca2ebf78b1c90310b6d56b3d48af6)
    
    (cherry picked from commit 2cf5cfa8561047e855fed9ab35d1a041e309e39a)
    
    (cherry picked from commit 289a5643e7af399b3e99eb33d50b6c602e442a02)
    
    Change-Id: If5222aab9ce700ba8d9520e5e2e81e66e1b87fd1

 src/rxgen/rpc_parse.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

-- 
OpenAFS Master Repository
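
The build-time check the commit message describes, sketched as an added example; this is not the rxgen code from src/rxgen/rpc_parse.c and not part of the original message. The function name count_unbounded_inputs and the simplified "DIR type name<bound>" parameter grammar are assumptions made for illustration, and typedef'd arrays are not resolved.

```c
#include <stdio.h>
#include <string.h>

/* Returns the number of IN/INOUT parameters declared with an unbounded
 * array ("name<>") in a comma-separated parameter list, or -1 if the
 * list is too long to examine. Hypothetical helper, simplified grammar. */
int count_unbounded_inputs(const char *params)
{
    char buf[512];
    int bad = 0;

    if (strlen(params) >= sizeof(buf))
        return -1;              /* refuse input we cannot hold */
    strcpy(buf, params);

    for (char *p = strtok(buf, ","); p != NULL; p = strtok(NULL, ",")) {
        while (*p == ' ' || *p == '\t')
            p++;
        /* OUT-only parameters are produced by the server, not the client. */
        int is_input = strncmp(p, "IN ", 3) == 0 ||
                       strncmp(p, "INOUT ", 6) == 0;
        char *open = strchr(p, '<');
        if (!is_input || open == NULL)
            continue;
        char *q = open + 1;
        while (*q == ' ')
            q++;
        if (*q == '>') {        /* "<>": no maximum length declared */
            fprintf(stderr, "error: unbounded input array: %s\n", p);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    /* Constructed declarations, not taken from any OpenAFS .xg file. */
    const char *ok  = "IN afs_int32 ids<64>, OUT afs_int32 results<>";
    const char *bad = "IN afs_int32 ids<>, INOUT string name<>, OUT afs_int32 n";
    int rc = count_unbounded_inputs(ok) + count_unbounded_inputs(bad);
    return rc ? 1 : 0;          /* non-zero exit stops the build */
}
```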