The following commit has been merged in the openafs-stable-1_8_x branch:
commit 101c114bd3bcc662c49a565dffc597a70ef1ea80
Author: Mark Vitale <[email protected]>
Date:   Wed Jun 6 15:23:26 2018 -0400

    xdr: avoid xdr_enum memory overrun
    
    Since openafs-ibm-1_0, xdr_enum has used xdr_long to read and write, even
    though enum_t is defined as int.  For systems where sizeof(int) ==
    sizeof(long), this works by accident.  But on other systems (e.g., DARWIN
    ARCHFLAGS=x86_64) xdr_enum will overrun its int-sized second parameter.  For
    XDR_DECODE, this results in memory corruption.
    
    This was first noticed with OpenAFS 1.8.0 on macOS 10.13; if aklog is issued
    while already holding a token, it will fail in token_SetsEquivalent with a
    segfault in decodeToken.  The root cause is that the address passed to
    decodeToken had been overwritten by a previous call to tokenType ->
    xdr_enum -> xdr_long.
    
    Instead, modify xdr_enum to use xdr_int for its work.
    
    Reviewed-on: https://gerrit.openafs.org/13075
    Tested-by: BuildBot <[email protected]>
    Reviewed-by: Andrew Deason <[email protected]>
    Reviewed-by: Benjamin Kaduk <[email protected]>
    (cherry picked from commit eb1d2ef203a2a99c908b3b89d9ea8337a91b944b)
    
    Change-Id: I548ab43fe4513262b6be0608be45bfd8580e6ed8
    Reviewed-on: https://gerrit.openafs.org/13183
    Tested-by: BuildBot <[email protected]>
    Reviewed-by: Michael Meffie <[email protected]>
    Reviewed-by: Joe Gorse <[email protected]>
    Reviewed-by: Andrew Deason <[email protected]>
    Reviewed-by: Marcio Brito Barbosa <[email protected]>
    Reviewed-by: Mark Vitale <[email protected]>
    Reviewed-by: Benjamin Kaduk <[email protected]>

 src/rx/xdr.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

-- 
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
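The overrun described in the commit message, modelled as an added example that is not OpenAFS code and not part of the original mail: a decoder that stores a long into an int-sized slot overwrites the bytes that follow it wherever sizeof(long) > sizeof(int), while an int-sized store does not. All names here (`struct frame`, `decode_enum_via_long`, `decode_enum_via_int`, `overrun_with`) and the wire bytes are hypothetical, and the stores go into a byte buffer so the program itself stays well-defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a caller's memory: an int-sized enum slot
 * followed directly by unrelated bytes, all pre-filled with a canary. */
#define CANARY 0xA5
struct frame { unsigned char mem[sizeof(int) + sizeof(long)]; };

/* Read one 4-byte big-endian XDR unit from the wire. */
static int32_t wire_get32(const unsigned char *w) {
    return (int32_t)(((uint32_t)w[0] << 24) | ((uint32_t)w[1] << 16) |
                     ((uint32_t)w[2] << 8) | (uint32_t)w[3]);
}

/* Pre-fix behaviour (modelled): the decoded value is stored as a long. */
static void decode_enum_via_long(const unsigned char *w, unsigned char *slot) {
    long v = wire_get32(w);
    memcpy(slot, &v, sizeof v);   /* sizeof(long) bytes land in an int slot */
}

/* Post-fix behaviour (modelled): the decoded value is stored as an int. */
static void decode_enum_via_int(const unsigned char *w, unsigned char *slot) {
    int v = wire_get32(w);
    memcpy(slot, &v, sizeof v);   /* exactly fills the int slot */
}

/* Decode a constructed enum value (2) and count the bytes beyond the
 * int-sized slot that no longer hold the canary. */
static size_t overrun_with(void (*dec)(const unsigned char *, unsigned char *)) {
    static const unsigned char wire[4] = {0, 0, 0, 2};
    struct frame f;
    size_t n = 0;
    memset(f.mem, CANARY, sizeof f.mem);
    dec(wire, f.mem);
    for (size_t i = sizeof(int); i < sizeof f.mem; i++)
        if (f.mem[i] != CANARY) n++;
    return n;
}

int main(void) {
    printf("sizeof(int)=%zu sizeof(long)=%zu\n", sizeof(int), sizeof(long));
    printf("via long: %zu bytes past the slot overwritten\n",
           overrun_with(decode_enum_via_long));
    printf("via int:  %zu bytes past the slot overwritten\n",
           overrun_with(decode_enum_via_int));
    return 0;
}
```

On an LP64 build the long-sized store reports 4 bytes overwritten past the slot; on builds where int and long are the same size both decoders report 0, which is the "works by accident" case in the commit message.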
