Range check the statsVersion argument of the GetStatisitics64 RPC to
avoid a buffer overflow in the fileserver, or a huge memory allocation,
by a rogue client.
FIXES 131803
(cherry picked from commit
bd2cc32da969abe57334d20563d5cddf065a905e)
Change-Id: I05b18b9f4bacd8981eafb9fe4b5aea904f88a9cc
if ((code = CallPreamble(acall, NOTACTIVECALL, &tcon, &thost)))
goto Bad_GetStatistics64;
+ if (statsVersion != STATS64_VERSION) {
+ code = EINVAL;
+ goto Bad_GetStatistics64;
+ }
+
ViceLog(1, ("SAFS_GetStatistics64 Received\n"));
Statistics->ViceStatistics64_val =
malloc(statsVersion*sizeof(afs_int64));