git://git.openafs.org / openafs.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw
OPENAFS-SA-2018-003 vlserver: prevent unbounded input to VL_RegisterAddrs
[openafs.git] / src / vlserver / vldbint.xg
diff --git a/src/vlserver/vldbint.xg b/src/vlserver/vldbint.xg
index ff34d12..523fe80 100644 (file)
--- a/src/vlserver/vldbint.xg
+++ b/src/vlserver/vldbint.xg
@@ -208,7 +208,12 @@ const VLOP_DUMP        = 0x100;
 typedef        vldbentry bulkentries<>;
 typedef        nvldbentry nbulkentries<>;
 typedef        uvldbentry ubulkentries<>;
-typedef afs_uint32 bulkaddrs<>;
+/*
+ * 500 is an arbitrary implementation limit, larger than what we support storing.
+ * It lets the XDR decoder detect an attack (excessively large input) and reject
+ * it without incurring excessive resource usage.
+ */
+typedef afs_uint32 bulkaddrs<500>;
 
 struct VLCallBack {
     afs_uint32 CallBackVersion;
OpenAFS Master Repository