OPENAFS-SA-2024-003: sys: Don't over-copy RMTSYS_Pioctl output data
CVE-2024-10397
Here, 'OutData' only has OutData.rmtbulk_len bytes in it. We know that
OutData.rmtbulk_len is at most data->out_size, but it could be
smaller. So, only copy OutData.rmtbulk_len bytes, not data->out_size,
since data->out_size could be more than the number of bytes we have
allocated in OutData.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15924
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f31a79d749abc8e64a8d9ac748bb2b5457875099)
Change-Id: Ic05751d05c7c8862770188131110cc602c9b93b7
Reviewed-on: https://gerrit.openafs.org/15946
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
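
The length rule the commit message describes, as an added example that is not part of the commit or of the OpenAFS source: the copy is bounded by the number of bytes the reply actually holds, not by the capacity of the destination. The types `reply` and `outbuf`, the function names, and the explicit rejection of an oversized reply are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not OpenAFS types: a variable-length RPC reply
 * (like OutData) and the caller's output buffer (like data). */
struct reply  { uint32_t len; const char *val; };  /* val holds exactly len bytes */
struct outbuf { char *out; uint32_t out_size; };   /* capacity of out */

/* Over-copy pattern the commit message describes, shown for contrast only:
 *     memcpy(d->out, r->val, d->out_size);
 * reads d->out_size bytes from a source that holds only r->len. */

/* Copy the reply using the source's length. Returns bytes copied, or -1
 * if the reply claims more than the destination can hold. */
static long copy_reply(const struct reply *r, struct outbuf *d)
{
    if (r->len > d->out_size)
        return -1;              /* peer broke the "at most out_size" invariant */
    if (r->len > 0)
        memcpy(d->out, r->val, r->len);
    return (long)r->len;
}

/* Constructed case: 4-byte reply, 16-byte destination pre-filled with 0xAA.
 * Returns 1 if exactly 4 bytes were written and the tail is untouched. */
static int demo_short_reply(void)
{
    static const char payload[4] = { 'd', 'a', 't', 'a' };
    struct reply r = { sizeof(payload), payload };
    char dst[16];
    struct outbuf d = { dst, sizeof(dst) };
    size_t i;

    memset(dst, 0xAA, sizeof(dst));
    if (copy_reply(&r, &d) != 4 || memcmp(dst, payload, 4) != 0)
        return 0;
    for (i = 4; i < sizeof(dst); i++)
        if ((unsigned char)dst[i] != 0xAA)
            return 0;
    return 1;
}

int main(void)
{
    printf("short reply handled: %d\n", demo_short_reply());
    return 0;
}
```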