Windows: Add validation for directory buffer contents
author Jeffrey Altman <jaltman@your-file-system.com>
Thu, 26 Aug 2010 15:33:43 +0000 (11:33 -0400)
committer Jeffrey Altman <jaltman@openafs.org>
Mon, 6 Sep 2010 03:55:24 +0000 (20:55 -0700)
If the directory buffer contents are garbage we can crash
the service.  Add some simple validation checks to ensure
that cm_dirEntry_t objects have the correct flag value and
that the name strings are not too long.

LICENSE BSD

Change-Id: If4a276007ff7a21a641825037a1035ea20db79c5
Reviewed-on: http://gerrit.openafs.org/2658
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>

src/WINNT/afsd/cm_vnodeops.c

index ba80889..e7b4312 100644 (file)
@@ -671,6 +671,15 @@ long cm_ApplyDir(cm_scache_t *scp, cm_DirFuncp_t funcp, void *parmp,
         tp = bufferp->datap + entryInBuffer;
         dep = (cm_dirEntry_t *) tp;    /* now points to AFS3 dir entry */
 
+        /*
+         * here are some consistency checks
+         */
+        if (dep->flag != CM_DIR_FFIRST ||
+            strlen(dep->name) > 256) {
+            code = CM_ERROR_INVAL;
+            break;
+        }
+
         /* while we're here, compute the next entry's location, too,
          * since we'll need it when writing out the cookie into the
          * dir listing stream.
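
Review bot: the `strlen(dep->name) > 256` test in the new check is itself unbounded. If the buffer contents are garbage, as the commit message anticipates, `dep->name` may have no NUL terminator before the end of the directory buffer. In that case `strlen` reads past the data that `tp = bufferp->datap + entryInBuffer` points into, before the length comparison can reject the entry. The `dep->flag != CM_DIR_FFIRST` test runs first but does not help when a corrupt entry happens to carry the expected flag value. Suggest limiting the scan to the bytes that remain in the buffer after `dep->name`, for example with `memchr` over that remaining length, and treating a missing terminator as `CM_ERROR_INVAL`. The literal 256 would also read better as a named constant tied to the maximum directory entry name length, with the comment stating which limit it enforces and whether a name of exactly 256 bytes is meant to pass.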