git.openafs.org Git - openafs.git/commit

author	Benjamin Kaduk <kaduk@mit.edu>
	Tue, 5 Nov 2024 04:50:50 +0000 (20:50 -0800)
committer	Benjamin Kaduk <kaduk@mit.edu>
	Tue, 12 Nov 2024 18:05:47 +0000 (13:05 -0500)
commit	a96a3160f5425125588f39f5ac612df3ef9b9a8a
tree	78666837f109283efbfb05865566d4d7f96f6d1a	tree \| snapshot
parent	64068705b15661a8d4e0b9f9f2ad4aec34ed51a7	commit \| diff

OPENAFS-SA-2024-002: verify FetchACL returned only a string

CVE-2024-10396

Supplement the previous commit by additionally verifying that
the returned ACL string occupies the entire XDR opaque, rejecting
any values returned that have an internal NUL prior to the end
of the opaque.

Reviewed-on: https://gerrit.openafs.org/15915
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 7e13414e8ea995d438cde3e60988225f3ab4cbcd)

Change-Id: I107f89e3d8a5c3c5cd67f6296742bfca7cace0e1
Reviewed-on: https://gerrit.openafs.org/15936
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>

src/WINNT/afsd/cm_ioctl.c		diff \| blob \| history
src/afs/afs_pioctl.c		diff \| blob \| history
src/libafscp/afscp_acl.c		diff \| blob \| history