(parent: 6198de5)
DEVEL15-windows-pioctl-buffer-overrun-20070609
author Asanka Herath <asanka@secure-endpoints.com> Sun, 10 Jun 2007 06:55:42 +0000 (06:55 +0000)
committer Jeffrey Altman <jaltman@secure-endpoints.com> Sun, 10 Jun 2007 06:55:42 +0000 (06:55 +0000)
this patch protects against a buffer overrun in the client if the
server were to send more data than the receiving buffer can hold.
(cherry picked from commit 8a814a5596e9d8db1c24326715f794ae46966b3b)
src/sys/pioctl_nt.c
diff --git
a/src/sys/pioctl_nt.c
b/src/sys/pioctl_nt.c
index
05486c7
..
8f2b940
100644
(file)
--- a/
src/sys/pioctl_nt.c
+++ b/
src/sys/pioctl_nt.c
@@
-991,6
+991,10
@@
pioctl(char *pathp, long opcode, struct ViceIoctl *blobp, int follow)
MarshallString(&preq, fullPath);
if (blobp->in_size) {
+ if (blobp->in_size > sizeof(preq.data) - (preq.mp - preq.data)*sizeof(char)) {
+ errno = E2BIG;
+ return -1;
+ }
memcpy(preq.mp, blobp->in, blobp->in_size);
preq.mp += blobp->in_size;
}
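Review bot: the remaining-space expression in the new `if` ahead of `memcpy(preq.mp, blobp->in, blobp->in_size)` is unsigned, so it is only sound if `MarshallString(&preq, fullPath)` left `preq.mp` inside `preq.data`. If `preq.mp` were already past the end of the array, `sizeof(preq.data) - (preq.mp - preq.data)` would wrap to a very large value and the check would pass. The visible lines do not show MarshallString bounding `fullPath`, so either confirm that it does or reject the request first when `preq.mp - preq.data` exceeds `sizeof(preq.data)`. The `*sizeof(char)` factor is always 1 and can be dropped. The commit message describes the server sending more data than the receiving buffer can hold, while this check bounds the caller-supplied `blobp->in_size` on the request buffer; a short comment stating which path is covered would help.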