[OpenAFS-devel] xdr_array vulnerability
Jim Rees
rees@umich.edu
Tue, 14 Jan 2003 17:41:06 -0500
Would someone who is familiar with xdr comment on this patch? It looks
right to me, and an OpenBSD security advisory implies that it's needed to
close a remote exploit.
Index: src/rx/xdr_array.c
===================================================================
RCS file: /cvs/openafs/src/rx/xdr_array.c,v
retrieving revision 1.7
diff -u -r1.7 xdr_array.c
--- src/rx/xdr_array.c 2002/10/16 03:58:50 1.7
+++ src/rx/xdr_array.c 2003/01/14 22:38:48
@@ -92,7 +92,7 @@
return (FALSE);
}
c = *sizep;
- if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
+ if ((c > maxsize || c > 0xffffffffU/elsize) && (xdrs->x_op != XDR_FREE)) {
return (FALSE);
}
nodesize = c * elsize;