The following commit has been merged in the openafs-stable-1_6_x branch:
commit 1174e0a6adcc4cfe7719e7090d75b4eda855998d
Author: Anders Kaseorg <[email protected]>
Date: Sun May 4 05:30:25 2014 -0400

Fix buffer length validation in ktc_GetToken and knfs

The signed int tktLen is checked against a maximum size, then passed
as the unsigned size_t argument to memcpy. So we need to make sure it
isn’t negative.

This doesn’t appear to be exploitable: tktLen comes from the kernel,
which should have previously validated the length within the SETTOK
pioctl.

This bug was found with STACK <http://css.csail.mit.edu/stack/>.

Signed-off-by: Anders Kaseorg <[email protected]>
Reviewed-on: http://gerrit.openafs.org/11109
Reviewed-by: Chas Williams - CONTRACTOR <[email protected]>
Tested-by: BuildBot <[email protected]>
Reviewed-by: Jeffrey Altman <[email protected]>
(cherry picked from commit 9c10c202f1f2e516dde8b70c3a3b69a73d163070)
Change-Id: Id8dacdc00fd686d4f2ff234ffd6c8f5346d9e7b0
Reviewed-on: http://gerrit.openafs.org/11112
Reviewed-by: Perry Ruiter <[email protected]>
Reviewed-by: Chas Williams - CONTRACTOR <[email protected]>
Tested-by: BuildBot <[email protected]>
Reviewed-by: Anders Kaseorg <[email protected]>
Reviewed-by: Stephan Wiesand <[email protected]>

src/auth/ktc.c | 2 +-
src/kauth/knfs.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
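
The signed-length pattern the commit message describes, as an added example that is not the OpenAFS code and is not taken from the commit: an upper-bound-only check lets a negative int through, which becomes a huge size_t at memcpy, while the hardened parser also rejects negative and oversized lengths. MAX_TICKET_LEN, the reply layout (an int length followed by ticket bytes) and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TICKET_LEN 32   /* assumed limit for this example */

/* Before: only the upper bound is tested, so a negative length passes. */
int accepts_before(int tkt_len) { return !(tkt_len > MAX_TICKET_LEN); }

/* What memcpy receives once the signed length converts to size_t. */
size_t memcpy_len(int tkt_len) { return (size_t)tkt_len; }

/* After: reject negative lengths, and lengths larger than the bytes
 * present or the destination. Constructed reply layout (an assumption):
 * an int length followed by the ticket bytes. Returns bytes copied or -1. */
int parse_ticket(const unsigned char *buf, size_t buf_len,
                 unsigned char *out, size_t out_size)
{
    int tkt_len;

    if (buf_len < sizeof(tkt_len))
        return -1;
    memcpy(&tkt_len, buf, sizeof(tkt_len));
    buf += sizeof(tkt_len);
    buf_len -= sizeof(tkt_len);
    if (tkt_len < 0 || tkt_len > MAX_TICKET_LEN)
        return -1;
    if ((size_t)tkt_len > buf_len || (size_t)tkt_len > out_size)
        return -1;
    memcpy(out, buf, (size_t)tkt_len);
    return tkt_len;
}

/* Constructed reply with 4 payload bytes and the given length field. */
int try_length(int tkt_len)
{
    unsigned char reply[sizeof(int) + 4] = {0}, out[MAX_TICKET_LEN];
    memcpy(reply, &tkt_len, sizeof(tkt_len));
    return parse_ticket(reply, sizeof(reply), out, sizeof(out));
}

int main(void)
{
    printf("before accepts -1: %d (memcpy length %zu)\n",
           accepts_before(-1), memcpy_len(-1));
    printf("after: -1 -> %d, 4 -> %d, 5 -> %d\n",
           try_length(-1), try_length(4), try_length(5));
    return 0;
}
```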