Project

General

Profile

Actions

Bug #8106

closed

authloopback_marshal() can violate the RPC specification

Added by Marcel Telka about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
kernel
Start date:
2017-04-25
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

In a case a user is in a large number of groups, let say 80, and the machine nodename is long enough, let say 100 characters long, the authloopback_marshal() could create too long authentication body that won't fit to the opaque_auth structure. The size of the auth body is limited to 400 bytes by RFC 5531, but in the example above we will create (and successfully encode and send to the other party) 5 * 4 + 100 + 80 * 4 = 440 bytes of the auth body.

This will happen only in a case the XDR_INLINE() call in the authloopback_marshal() function succeeds.


Files

module.c (3.9 KB) module.c Marcel Telka, 2017-04-26 01:58 PM

Related issues

Related to illumos gate - Bug #8105: libnsl(3nsl): NGRPS_LOOPBACK should be increasedIn ProgressMarcel Telka2017-04-25

Actions
Related to illumos gate - Bug #8109: Kernel AUTH_SYS and AUTH_LOOPBACK implementation can ignore provided credentialsClosedMarcel Telka2017-04-26

Actions
Actions

Also available in: Atom PDF