The following commit has been merged in the master branch:

commit 0f7efd94fa12cf82efe6c31ee33d9b3ca51666e1
Author: Jeffrey Altman <jalt...@secure-endpoints.com>
Date: Sun Sep 6 15:10:56 2009 -0400

Windows: Add data validation to ktc_xxxx functions that perform pioctls

The ktc_GetToken and ktc_ListTokens functions perform a pioctl and
then parse the response data. There is no validation that the data
required is not longer than the pioctl output or that the data received
fits into the data structures that are being written. As a result,
random crashes have occurred when the wrong data has been received
from the pioctl.

This commit adds data validation to at least ensure that these
functions cannot read beyond the data provided or write beyond the
allocated memory.

LICENSE MIT

Reviewed-on: http://gerrit.openafs.org/405
Reviewed-by: Derrick Brashear <sha...@dementia.org>
Reviewed-by: Asanka Herath <asa...@secure-endpoints.com>
Tested-by: Asanka Herath <asa...@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jalt...@openafs.org>
Tested-by: Jeffrey Altman <jalt...@openafs.org>

 src/auth/ktc_nt.c | 90 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 78 insertions(+), 12 deletions(-)

--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
OpenAFS-cvs@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-cvs
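
The two checks the commit message describes (never read past the bytes the call returned, never write past the destination), shown as an added example that is not code from this commit or from OpenAFS. The response layout, struct token_out, the size limits and the function names are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TICKET 64          /* assumed capacity of the destination buffers */
#define MAX_CELL   16

struct token_out {             /* hypothetical destination structure */
    uint32_t ticket_len;
    unsigned char ticket[MAX_TICKET];
    char cell[MAX_CELL];
};

/* Copy n bytes out of the response only if they lie inside [*cp, end). */
static int take(const unsigned char **cp, const unsigned char *end,
                void *dst, size_t n)
{
    if ((size_t)(end - *cp) < n)
        return -1;             /* would read past the data actually returned */
    memcpy(dst, *cp, n);
    *cp += n;
    return 0;
}

/* Constructed layout: 4-byte little-endian ticket length, ticket bytes,
 * NUL-terminated cell name. resp_len is the byte count the call returned. */
int parse_token_response(const unsigned char *resp, size_t resp_len,
                         struct token_out *out)
{
    const unsigned char *cp = resp, *end = resp + resp_len, *nul;
    unsigned char b[4];
    uint32_t len;

    if (take(&cp, end, b, sizeof(b)) != 0)
        return -1;
    len = b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    if (len > MAX_TICKET)      /* would write past out->ticket */
        return -1;
    if (take(&cp, end, out->ticket, len) != 0)
        return -1;
    out->ticket_len = len;

    nul = memchr(cp, 0, (size_t)(end - cp));   /* must terminate in-bounds */
    if (nul == NULL || (size_t)(nul - cp) + 1 > MAX_CELL)
        return -1;             /* unterminated, or would overflow out->cell */
    memcpy(out->cell, cp, (size_t)(nul - cp) + 1);
    return 0;
}
```

On failure the caller should treat *out as undefined, since the ticket field may already have been filled before a later check rejected the response.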