opnsense-src/sys/rpc
Mark Johnston 97ff4784ce rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate()
svc_rpc_gss_validate() copies the input message into a stack buffer
without ensuring that the buffer is large enough.  Sure enough,
oa_length may be up to 400 bytes, much larger than the provided space.
This enables an unauthenticated user to trigger an overflow and obtain
remote code execution.

Add a runtime check which verifies that the copy won't overflow.

Approved by:	so
Security:	FreeBSD-SA-26:08.rpcsec_gss
Security:	CVE-2026-4747
Reported by:	Nicholas Carlini <npc@anthropic.com>
Reviewed by:	rmacklem
Fixes:		a9148abd9d
2026-03-26 08:04:47 +01:00
rpcsec_gss rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() 2026-03-26 08:04:47 +01:00
rpcsec_tls krpc: Display stats of TLS usage 2023-12-24 15:02:15 -08:00
auth.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
auth_none.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
auth_unix.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
authunix_prot.c kern: adopt the cr_gid macro for cr_groups[0] more widely 2026-01-20 08:27:09 +01:00
clnt.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
clnt_bck.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
clnt_dg.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
clnt_rc.c NFS: Request use of TCP_USE_DDP for in-kernel TCP sockets 2024-04-12 12:25:27 -07:00
clnt_stat.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
clnt_vc.c krpc: Ref cnt the client structures for TLS upcalls 2024-05-01 18:09:52 -07:00
getnetconfig.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
krpc.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
netconfig.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
nettype.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
pmap_prot.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
replay.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
replay.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
rpc.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
rpc_callmsg.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
rpc_com.h libc/libc/rpc: refactor some global variables 2023-11-29 20:16:16 -07:00
rpc_generic.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
rpc_msg.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
rpc_prot.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
rpcb_clnt.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
rpcb_clnt.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
rpcb_prot.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
rpcb_prot.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
rpcm_subs.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
rpcsec_gss.h nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers 2023-12-23 17:03:58 -08:00
rpcsec_tls.h krpc: Display stats of TLS usage 2023-12-24 15:02:15 -08:00
svc.c svc.c: Check for a non-NULL xp_socket 2024-05-31 15:35:18 -07:00
svc.h NFS: Request use of TCP_USE_DDP for in-kernel TCP sockets 2024-04-12 12:25:27 -07:00
svc_auth.c nfs, rpc: Ensure kernel credentials have at least one group 2024-11-15 11:47:43 +01:00
svc_auth.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
svc_auth_unix.c kern: adopt the cr_gid macro for cr_groups[0] more widely 2026-01-20 08:27:09 +01:00
svc_dg.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
svc_generic.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
svc_vc.c krpc: Display stats of TLS usage 2023-12-24 15:02:15 -08:00
types.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
xdr.h rpc: Fix the definition of xdr_void() 2024-11-05 01:05:26 +00:00