Project

General

Profile

Actions

Bug #8180

closed

Invalid netbuf decoded by xdr_netbuf()

Added by Marcel Telka over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
lib - userland libraries
Start date:
2017-05-08
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

In a case the maxbuf field of the netbuf structure in the incoming XDR stream is different than the actual len of the data then the xdr_netbuf() function might decode the improperly sized netbuf structure. In such a case the allocated buffer size for the netbuf data won't be maxlen, but len instead. This violates the netbuf semantics where the maxlen field denotes the allocated (IOW, max) size of the buffer pointed by buf, while len is just the actual length of the used data in the buf buffer.

Fortunately, I didn't found any xdr_netbuf() consumer that might be affected by this.


Files

test.c (495 Bytes) test.c Marcel Telka, 2017-05-08 08:12 AM
Actions

Also available in: Atom PDF