Would someone who is familiar with xdr comment on this patch?  It looks
right to me, and an OpenBSD security advisory implies that it's needed to
close a remote exploit.

Index: src/rx/xdr_array.c
===================================================================
RCS file: /cvs/openafs/src/rx/xdr_array.c,v
retrieving revision 1.7
diff -u -r1.7 xdr_array.c
--- src/rx/xdr_array.c  2002/10/16 03:58:50     1.7
+++ src/rx/xdr_array.c  2003/01/14 22:38:48
@@ -92,7 +92,7 @@
                return (FALSE);
        }
        c = *sizep;
-       if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
+       if ((c > maxsize || c > 0xffffffffU/elsize) && (xdrs->x_op != XDR_FREE)) {
                return (FALSE);
        }
        nodesize = c * elsize;
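Review bot: On the changed line, the new bound `c > 0xffffffffU/elsize` divides by `elsize` with no visible check that it is non-zero, and the literal 0xffffffffU hardcodes a 32-bit limit that may not match the declared width of `c` and `nodesize`. Consider rejecting `elsize == 0` before the division, and deriving the limit from the type (for example UINT_MAX from <limits.h> if these are unsigned int) with a short comment saying the test guards the `c * elsize` multiplication against wraparound. Both bounds are still skipped when `xdrs->x_op == XDR_FREE`, while `nodesize = c * elsize;` runs unconditionally, so it is worth confirming that a wrapped `nodesize` on the free path is never used as a size.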
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
