If the directory buffer contents are garbage we can crash
the service. Add some simple validation checks to ensure
that cm_dirEntry_t objects have the correct flag value and
that the name strings are not too long.
LICENSE BSD
Change-Id: If4a276007ff7a21a641825037a1035ea20db79c5
Reviewed-on: http://gerrit.openafs.org/2658
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
tp = bufferp->datap + entryInBuffer;
dep = (cm_dirEntry_t *) tp; /* now points to AFS3 dir entry */
+ /*
+ * here are some consistency checks
+ */
+ if (dep->flag != CM_DIR_FFIRST ||
+ strlen(dep->name) > 256) {
+ code = CM_ERROR_INVAL;
+ break;
+ }
+
/* while we're here, compute the next entry's location, too,
* since we'll need it when writing out the cookie into the
* dir listing stream.