OPENAFS-SA-2024-001: afs: Throttle PAG creation in afs_genpag()

CVE-2024-10394

Currently, we only throttle PAG creation in afs_setpag(). But there
are several callers that call setpag() directly, not via afs_setpag;
notably _settok_setParentPag in afs_pioctl.c. When setpag() is called
with a PAG value of -1, it generates a new PAG internally without any
throttling. So, those callers effectively bypass the PAG throttling
mechanism, which allows a calling user to create PAGs without any
delay.

To avoid this, move our afs_pag_wait call from afs_setpag() to
afs_genpag(), which all code uses to generate a new PAG value. This
ensures that PAG creation is always throttled for unprivileged users.

FIXES 135062

Change-Id: Ic4cb352edaa693984995fbdb6dc35b89686e8470
Reviewed-on: https://gerrit.openafs.org/15907
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Andrew Deason 2020-01-10 12:40:15 -06:00 committed by Benjamin Kaduk
parent f701f704c7
commit 0358648dbe

@ -185,6 +185,11 @@ afs_pag_wait(afs_ucred_t *acred)
afs_int32
afs_genpag(afs_ucred_t *acred, afs_uint32 *apag)
{
afs_int32 code;
code = afs_pag_wait(acred);
if (code) {
return code;
}
*apag = genpagval();
return 0;
}
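Review bot: afs_genpag() has no comment telling callers that it can now delay and fail. With the afs_pag_wait(acred) call at the top of the function, a non-zero code is returned before *apag is written, whereas the surrounding context lines show the old body was just the genpagval() assignment followed by return 0. Suggest a short function comment stating that the call may wait for throttling and that *apag is left untouched on error, so every caller checks the return value before using the PAG.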
@ -221,11 +226,6 @@ afs_setpag(void)
AFS_STATCNT(afs_setpag);
code = afs_pag_wait(acred);
if (code) {
goto done;
}
code = afs_genpag(acred, &pag);
if (code) {
goto done;
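Review bot: the afs_pag_wait(acred) check that sat ahead of afs_genpag(acred, &pag) in afs_setpag() should be audited against the other callers as well. Any remaining path that calls afs_pag_wait() itself and then afs_genpag() would now apply the delay twice. If afs_genpag() ends up as the only caller, consider making afs_pag_wait() static so the throttle cannot be applied separately from PAG generation again.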