ptserver: Limit length on namelist, idlist

namelist and idlist are used as IN parameters to ptserver RPCs that
can be issued by unauthenticated clients. Not having a length limit on
them means anyone can use up a ton of ptserver memory by just issuing
those RPCs with a very large length.

So, put a limit on them. PR_MAXLIST is a constant that already exists,
but is small enough to potentially limit real use, so define a new
OpenAFS-internal value for this purpose.

prlist and prentries are returned from the ptserver to clients, so
also limit them in the same way.

Change-Id: Iaf45639bbae401093354adbfb4daa172fe97ede1
Reviewed-on: http://gerrit.openafs.org/9588
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>

diff --git a/src/ptserver/ptint.xg b/src/ptserver/ptint.xg
index e8ac468..100231d 100644 (file)
--- a/src/ptserver/ptint.xg
+++ b/src/ptserver/ptint.xg
@@ -102,11 +102,15 @@ const     PRUPDATE_IDHASH =       0x0010;
 %#define PR_SF_NGROUPS (1u<<31)                /* set field limiting group creation */
 %#define PR_SF_NUSERS  (1u<<30)                /*  "  "  foreign users  "  */
 
+/* OpenAFS implementation limit.  This limit can be modified in future releases
+ * and does not need to match the limis applied by other implementations. */
+const OPENAFS_MAXPRLIST=50000;
+
 typedef char prname[PR_MAXNAMELEN];
-typedef prname namelist<>;
-typedef afs_int32 idlist<>;
-typedef afs_int32 prlist<>;
-typedef prlistentries prentries<>;
+typedef prname namelist<OPENAFS_MAXPRLIST>;
+typedef afs_int32 idlist<OPENAFS_MAXPRLIST>;
+typedef afs_int32 prlist<OPENAFS_MAXPRLIST>;
+typedef prlistentries prentries<OPENAFS_MAXPRLIST>;
 
 INewEntry(
   IN string name<PR_MAXNAMELEN>,