ptserver: Increase length limit of namelist, idlist, prlist, prentries 38/13838/3
authorStephan Wiesand <stephan.wiesand@desy.de>
Fri, 6 Sep 2019 11:35:02 +0000 (13:35 +0200)
committerBenjamin Kaduk <kaduk@mit.edu>
Mon, 9 Sep 2019 04:33:38 +0000 (00:33 -0400)
commitd1e90b82ebb2685cbac3ecb3fd99136328b35357
tree33abc57b020035d8dd58ed92b1a677afc060f22e
parent54150f381de34d2a0c85ab15cf25801effd0c154
ptserver: Increase length limit of namelist, idlist, prlist, prentries

An implementation limit of those lists was introduced in commit
a0ffea098d8c5c5b46c6bf86a12d28d6e7096685 to prevent using unlimited
amounts of memory in ptserver and the client.  Subsequent reports
indicate that the chosen limits are small enough to restrict
functionality currently in use at some sites where membership lists
exceed the current limit.  Since this is just an implementation-
defined limit and can freely change from release to release, increase
the threshold by an order of magnitude to preserve functionality for
existing deployments while still retaining some protection against
attacker-controlled excessive memory allocation.

Change-Id: I857bb3b697909668eb71224b631dfbb7e3c03d3c
Reviewed-on: https://gerrit.openafs.org/13838
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
src/ptserver/ptint.xg