From 9817af2a81eded29eeefcf8ef4445301a7d348ea Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sat, 8 Apr 2006 20:40:15 +0000
Subject: [PATCH] viced-store-data-validate-input-20060408

The old StoreData RPC is only supposed to be valid for files
smaller than 2GB.  When StoreData64 was added, StoreData and StoreData64
were implemented as calls to common_StoreData64.  This removed the bounds
checking on the old StoreData RPC making it possible for operations
beyond two 2GB to be requested even if the file server cannot support
them.  This patch adds a validity check to ensure that the requested
file operations remain below 2GB.  Failures return E2BIG.
---
 src/viced/afsfileprocs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index de38173a2c..db687f1888 100644
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -3051,6 +3051,10 @@ SRXAFS_StoreData(struct rx_call * acall, struct AFSFid * Fid,
 		 afs_uint32 Length, afs_uint32 FileLength,
 		 struct AFSFetchStatus * OutStatus, struct AFSVolSync * Sync)
 {
+    if (FileLength > 0x7fffffff || Pos > 0x7fffffff || 
+	(0x7fffffff - Pos) < Length)
+        return EFBIG;
+
     return common_StoreData64(acall, Fid, InStatus, Pos, Length, FileLength,
 	                      OutStatus, Sync);
 }				/*SRXAFS_StoreData */