From bc206c2eb3712871fb737c1b9968b043dc3c9724 Mon Sep 17 00:00:00 2001
Message-Id: <bc206c2eb3712871fb737c1b9968b043dc3c9724.1377873640.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 30 Aug 2013 11:16:14 +0100
Subject: [PATCH] Prohibit unbounded arrays in XDR protocols
For
https://bugzilla.redhat.com/show_bug.cgi?id=1002667
The use of <> is a security issue for RPC parameters, since a
malicious client can set a huge array length causing arbitrary
memory allocation in the daemon.
It is also a robustness issue for RPC return values, because if
the stream is corrupted, it can cause the client to also allocate
arbitrary memory.
Use a syntax-check rule to prohibit any use of <>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit a4d1cfdc59ec18bfade96333cafd465dad7e40fb)
---
cfg.mk | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/cfg.mk b/cfg.mk
index c59d432..aa2e1a1 100644
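--- a/cfg.mk
+++ b/cfg.mk
@@ -830,6 +830,12 @@ sc_prohibit_config_h_in_headers:
 halt='headers should not include <config.h>' \
 $(_sc_search_regexp)
 
+sc_prohibit_unbounded_arrays_in_rpc:
+ @prohibit='<>' \
+ in_vc_files='\.x$$' \
+ halt='Arrays in XDR must have a upper limit set for <NNN>' \
+ $(_sc_search_regexp)
+
 
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null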
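Review bot: The pattern in `@prohibit='<>' \` matches only the two brackets written adjacently, so a declaration spelled `name< >` would pass the check while still being unbounded, assuming the XDR compiler accepts whitespace between the brackets. `@prohibit='<[[:space:]]*>' \` would cover that spelling as well. The rule also only proves that some bound is present, not that the bound is small enough to cap the allocation the commit message describes, so each `<NNN>` constant in the `.x` files still needs a human review. The halt text reads "a upper limit"; `halt='Arrays in XDR must have an upper limit set for <NNN>' \` is the grammatical form.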
--
1.8.3.2