viced: fix get-statistics64 buffer overflow

Range check the statsVersion argument of the GetStatisitics64 RPC to
avoid a buffer overflow in the fileserver, or a huge memory allocation,
by a rogue client.

FIXES 131803

Change-Id: Ib084ca28cbe350d846fa5978d489e523aaae299b

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index 76e7ff1..3d1d504 100644 (file)
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -5122,6 +5122,11 @@ SRXAFS_GetStatistics64(struct rx_call *acall, afs_int32 statsVersion, ViceStatis
     if ((code = CallPreamble(acall, NOTACTIVECALL, NULL, &tcon, &thost)))
        goto Bad_GetStatistics64;
 
+    if (statsVersion != STATS64_VERSION) {
+       code = EINVAL;
+       goto Bad_GetStatistics64;
+    }
+
     ViceLog(1, ("SAFS_GetStatistics64 Received\n"));
     Statistics->ViceStatistics64_val =
        malloc(statsVersion*sizeof(afs_uint64));