openafs

mirror of https://git.openafs.org/openafs.git synced 2025-01-18 15:00:12 +00:00

Go to file

Andrew Deason 35d218c1d1 OPENAFS-SA-2024-002: acl: Do not parse beyond end of ACL CVE-2024-10396 The early parsing code in acl_Internalize_pr() tries to advance 'nextc' to go beyond the first two newlines in the given ACL string. But if the given ACL string has no newlines, or only 1 newline, then 'nextc' will point beyond the end of the ACL string, potentially pointing to garbage. Intuitively, it may look like the ACL string must contain at least 2 newlines because we have sscanf()'d the string with "%d\n%\d". However, whitespace characters in sscanf() are not matched exactly like non-whitespace characters are; a sequence of whitespace characters matches any amount of whitespace (including none). So, a string like "1 2" will be parsed by "%d\n%d\n", but will not contain any newline characters. Usually this should result in a parse error from acl_Internalize_pr(), but if the garbage happens to parse successfully, this could result in unrelated memory getting stored to the ACL. To fix this, don't advance 'nextc' if we're already at the end of the ACL string. FIXES 135445 Change-Id: Ie009b59bec9a75afc81fee201c2fca6955f484e4 Reviewed-on: https://gerrit.openafs.org/15910 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>		2024-11-12 12:34:34 -05:00
build-tools	make-release: create SHA256 checksums too	2024-04-25 12:22:19 -04:00
doc	auth: Remove src/auth/copyauth	2024-10-09 16:35:34 -04:00
src	OPENAFS-SA-2024-002: acl: Do not parse beyond end of ACL	2024-11-12 12:34:34 -05:00
tests	tests: Fix perl string concatenation spacing	2024-09-12 11:36:12 -04:00
.gitignore	Remove alpha_dux/alpha_osf references	2018-09-22 17:05:26 -04:00
.gitreview	Add .gitreview	2018-02-04 15:34:55 -05:00
.mailmap	git: add a mailmap file	2016-09-25 21:05:23 -04:00
.splintrc	start-splint-support-20030528	2003-05-28 19:18:08 +00:00
acinclude.m4	cf: Remove SRCDIR_PARENT	2024-08-19 09:41:11 -04:00
CODING	Stop defining HC_DEPRECATED	2024-07-09 08:13:29 -04:00
configure-libafs.ac	cf: Set CC before calling AC_PROG_CC	2024-07-02 13:13:45 -04:00
configure.ac	build: Remove doc directory checks	2024-07-09 11:21:54 -04:00
CONTRIBUTING	Correct our contributor's code of conduct	2020-09-04 10:01:28 -04:00
INSTALL	INSTALL: Update AIX notes	2024-07-02 14:52:10 -04:00
libafsdep	Move build support files into build-tools	2010-07-14 20:40:36 -07:00
LICENSE	cf: Make local copy of ax_gcc_func_attribute.m4	2020-07-24 08:35:59 -04:00
Makefile-libafs.in	Fix libafs_tree's cross-architecture support	2010-05-24 20:28:41 -07:00
Makefile.in	tests: Make src/tests buildable	2024-10-03 15:44:31 -04:00
NEWS	Update NEWS for OpenAFS 1.9.1	2021-03-18 21:48:27 -04:00
NTMakefile	Remove rpctestlib	2021-06-10 12:59:53 -04:00
README	Tweak grammar in README	2015-12-28 19:32:17 -05:00
README-WINDOWS	Update windows build documentation	2013-07-02 15:14:09 -07:00
regen.sh	Use autoconf-archive m4 from src/external	2020-05-08 11:30:36 -04:00

README

AFS is a distributed file system that enables users to share and
access all of the files stored in a network of computers as easily as
they access the files stored on their local machines. The file system is
called distributed for this exact reason: files can reside on many
different machines, but are available to users on every machine.

OpenAFS 1.0 was originally released by IBM under the terms of the
IBM Public License 1.0 (IPL10).  For details on IPL10 see the LICENSE
file in this directory.  The current OpenAFS distribution is licensed
under a combination of the IPL10 and many other licenses as granted by
the relevant copyright holders.  The LICENSE file in this directory
contains more details, thought it is not a comprehensive statement.

See INSTALL for information about building and installing OpenAFS
on various platforms.

See CODING for developer information and guidelines.

See NEWS for recent changes to OpenAFS.