jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 15:00:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
14,072 Commits 38 Branches 373 Tags 160 MiB
C 72.2%
C++ 20.1%
Makefile 1.4%
Perl 1.2%
Rich Text Format 1%
Other 3.7%
c9eae1e8b2
Go to file
Andrew Deason c9eae1e8b2 OPENAFS-SA-2024-002: viced: Avoid unchecked ACL in StoreACL audit log 
CVE-2024-10396

Currently in SRXAFS_StoreACL, if CallPreamble() or check_acl() fail, we
will jump to Bad_StoreACL, which will pass the ACL string from the
client to osi_auditU. Since check_acl() hasn't yet checked if the given
ACL contains a NUL byte, the ACL may be an unterminated string. If
auditing is enabled, this can cause garbage to be logged to the audit
log, or cause the fileserver to crash.

To avoid this, set 'rawACL' to NULL at first, only setting it to the
actual ACL string after check_acl() has succeeded. This ensures that all
code accessing 'rawACL' is guaranteed to be using a terminated string.

This may mean that we pass a NULL AUD_ACL to osi_auditU. Our auditing
code explicitly checks for and handles handles NULL strings, so this is
fine.

FIXES 135445

Change-Id: Iecde5677805a28d55c833b135732a14fd86cc985
Reviewed-on: https://gerrit.openafs.org/15913
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
2024-11-12 12:34:49 -05:00
build-tools make-release: create SHA256 checksums too 2024-04-25 12:22:19 -04:00
doc auth: Remove src/auth/copyauth 2024-10-09 16:35:34 -04:00
src OPENAFS-SA-2024-002: viced: Avoid unchecked ACL in StoreACL audit log 2024-11-12 12:34:49 -05:00
tests tests: Fix perl string concatenation spacing 2024-09-12 11:36:12 -04:00
.gitignore Remove alpha_dux/alpha_osf references 2018-09-22 17:05:26 -04:00
.gitreview Add .gitreview 2018-02-04 15:34:55 -05:00
.mailmap git: add a mailmap file 2016-09-25 21:05:23 -04:00
.splintrc start-splint-support-20030528 2003-05-28 19:18:08 +00:00
acinclude.m4 cf: Remove SRCDIR_PARENT 2024-08-19 09:41:11 -04:00
CODING Stop defining HC_DEPRECATED 2024-07-09 08:13:29 -04:00
configure-libafs.ac cf: Set CC before calling AC_PROG_CC 2024-07-02 13:13:45 -04:00
configure.ac build: Remove doc directory checks 2024-07-09 11:21:54 -04:00
CONTRIBUTING Correct our contributor's code of conduct 2020-09-04 10:01:28 -04:00
INSTALL INSTALL: Update AIX notes 2024-07-02 14:52:10 -04:00
libafsdep Move build support files into build-tools 2010-07-14 20:40:36 -07:00
LICENSE cf: Make local copy of ax_gcc_func_attribute.m4 2020-07-24 08:35:59 -04:00
Makefile-libafs.in Fix libafs_tree's cross-architecture support 2010-05-24 20:28:41 -07:00
Makefile.in tests: Make src/tests buildable 2024-10-03 15:44:31 -04:00
NEWS Update NEWS for OpenAFS 1.9.1 2021-03-18 21:48:27 -04:00
NTMakefile Remove rpctestlib 2021-06-10 12:59:53 -04:00
README Tweak grammar in README 2015-12-28 19:32:17 -05:00
README-WINDOWS Update windows build documentation 2013-07-02 15:14:09 -07:00
regen.sh Use autoconf-archive m4 from src/external 2020-05-08 11:30:36 -04:00

README 

AFS is a distributed file system that enables users to share and
access all of the files stored in a network of computers as easily as
they access the files stored on their local machines. The file system is
called distributed for this exact reason: files can reside on many
different machines, but are available to users on every machine.

OpenAFS 1.0 was originally released by IBM under the terms of the
IBM Public License 1.0 (IPL10).  For details on IPL10 see the LICENSE
file in this directory.  The current OpenAFS distribution is licensed
under a combination of the IPL10 and many other licenses as granted by
the relevant copyright holders.  The LICENSE file in this directory
contains more details, thought it is not a comprehensive statement.

See INSTALL for information about building and installing OpenAFS
on various platforms.

See CODING for developer information and guidelines.

See NEWS for recent changes to OpenAFS.