In the Linux kernel, the following vulnerability has been resolved:

afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value.

This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values.

Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values.

This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that.

Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values.

This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing git status on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like:

    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index

This can be observed in the server's FileLog with something like the following appearing:

    Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001
    Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866
    ...
    Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5

Note the file position of 18446744071815340032. This is the requested file position sign-extended.
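The following C program is an added illustration, not code from the kernel patch or from OpenAFS. It models the value-based RPC selection described above, shows how a position in the 2G-4G range turns into the logged value once it passes through a signed 32-bit field, and gives a check for spotting such positions in a FileLog. The function names are hypothetical, the numeric value given to VICED_CAPABILITY_64BITFILES is a placeholder, and the requested position 2400755712 is derived here from the low 32 bits of the logged value.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Flag name from the text above. The numeric value is a constructed
 * placeholder for this example, not taken from any header. */
#define VICED_CAPABILITY_64BITFILES 0x1u

enum fetch_op { OP_FETCHDATA, OP_FETCHDATA64 };

static uint32_t upper_32(uint64_t v)
{
    return (uint32_t)(v >> 32);
}

/* Selection as described for the unfixed client: FS.FetchData64 is used
 * only when pos, len or pos+len has any of the upper 32 bits set. */
static enum fetch_op select_by_value(uint64_t pos, uint64_t len)
{
    if (upper_32(pos) || upper_32(len) || upper_32(pos + len))
        return OP_FETCHDATA64;
    return OP_FETCHDATA;
}

/* Selection as described for the fix: decide from the capability bits the
 * fileserver returned, independent of the request parameters. */
static enum fetch_op select_by_capability(uint32_t caps)
{
    return (caps & VICED_CAPABILITY_64BITFILES) ? OP_FETCHDATA64
                                                : OP_FETCHDATA;
}

/* Position as seen by a receiver that decodes the 32-bit wire field as a
 * signed value and widens it to 64 bits. Written without relying on
 * implementation-defined unsigned-to-signed casts. */
static uint64_t pos_seen_via_signed32(uint64_t pos)
{
    uint32_t wire = (uint32_t)pos;
    int64_t widened = (wire & 0x80000000u)
                          ? (int64_t)wire - (INT64_C(1) << 32)
                          : (int64_t)wire;
    return (uint64_t)widened;
}

/* Log triage: a "Pos" whose upper 32 bits are all ones and whose bit 31 is
 * set is a 2G-4G offset that was sign-extended. */
static int logged_pos_is_sign_extended(uint64_t logged)
{
    return upper_32(logged) == 0xffffffffu && (logged & 0x80000000u) != 0;
}

/* The offset the client actually asked for is the low 32 bits. */
static uint64_t recover_requested_pos(uint64_t logged)
{
    return logged & 0xffffffffu;
}

int main(void)
{
    /* Values from the FileLog excerpt above. */
    const uint64_t logged_pos = UINT64_C(18446744071815340032);
    const uint64_t len = 3154;
    const uint64_t file_size = UINT64_C(2400758866);

    uint64_t requested = recover_requested_pos(logged_pos);

    printf("logged Pos is sign-extended : %s\n",
           logged_pos_is_sign_extended(logged_pos) ? "yes" : "no");
    printf("requested pos (low 32 bits) : %" PRIu64 "\n", requested);
    printf("requested pos + len         : %" PRIu64 " (file size %" PRIu64 ")\n",
           requested + len, file_size);
    printf("value-based selection       : %s\n",
           select_by_value(requested, len) == OP_FETCHDATA64
               ? "FS.FetchData64" : "FS.FetchData");
    printf("pos after signed 32-bit trip: %" PRIu64 "\n",
           pos_seen_via_signed32(requested));
    printf("capability-based selection  : %s\n",
           select_by_capability(VICED_CAPABILITY_64BITFILES) == OP_FETCHDATA64
               ? "FS.FetchData64" : "FS.FetchData");
    return 0;
}
```

The recovered position plus the logged length equals the logged file size, so the failing request in the excerpt is the read of the last 3154 bytes of the pack file.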
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability Analysis: Structured Feedback
Impact analysis:
In the Linux kernel, the following vulnerability has been resolved:

afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value.

This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values.

Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values.

This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that.

Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values.

This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing git status on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like:

    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index

This can be observed in the server's FileLog with something like the following appearing:

    Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001
    Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866
    ...
    Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5

Note the file position of 18446744071815340032. This is the requested file position sign-extended.
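The following C model is an added example, not the kernel's or OpenAFS's code: it reproduces the sign extension seen in the FileLog, contrasts the value-based RPC selection with the capability-based one, and scans log text for sign-extended positions. The function names, the numeric value given to VICED_CAPABILITY_64BITFILES and the scanning threshold are assumptions of this sketch; the log lines are the ones quoted in the description above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed bit value for this model; the advisory names the flag, not its value. */
#define VICED_CAPABILITY_64BITFILES 0x0002u

enum fetch_op { FS_FETCHDATA, FS_FETCHDATA64 };

static uint32_t upper_32_bits(uint64_t v) { return (uint32_t)(v >> 32); }

/* Selection as described for the unfixed client: switch on parameter values. */
static enum fetch_op select_before_fix(uint64_t pos, uint64_t len)
{
    if (upper_32_bits(pos) || upper_32_bits(len) || upper_32_bits(pos + len))
        return FS_FETCHDATA64;
    return FS_FETCHDATA;            /* also chosen for positions in 2G-4G */
}

/* Selection as described for the fix: switch on the server's capability bits. */
static enum fetch_op select_after_fix(uint32_t server_caps)
{
    return (server_caps & VICED_CAPABILITY_64BITFILES) ? FS_FETCHDATA64
                                                       : FS_FETCHDATA;
}

/* How a server that treats the FS.FetchData position as a signed 32-bit
 * value ends up with a huge 64-bit offset: the sign bit is extended. */
static uint64_t server_view_fetchdata(uint64_t pos)
{
    uint32_t wire = (uint32_t)pos;                 /* 32-bit field on the wire */
    int64_t  as_signed = (wire & 0x80000000u)
                       ? (int64_t)wire - 4294967296LL
                       : (int64_t)wire;
    return (uint64_t)as_signed;
}

/* Log lines quoted in the advisory text. */
static const char SAMPLE_LOG[] =
    "Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001\n"
    "Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001\n"
    "Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154\n"
    "Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866\n"
    "Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5\n";

/* Count "FetchData_RXStyle: Pos N, Len M" entries whose position lies in the
 * range a sign-extended negative 32-bit value would occupy, and report the
 * position the client most likely asked for (the low 32 bits) for the last hit. */
static int scan_filelog(const char *log, uint64_t *requested_pos)
{
    const char *tag = "FetchData_RXStyle: Pos ";
    const char *p = log;
    int hits = 0;

    while ((p = strstr(p, tag)) != NULL) {
        unsigned long long pos = 0, len = 0;
        if (sscanf(p, "FetchData_RXStyle: Pos %llu, Len %llu", &pos, &len) == 2 &&
            pos >= 0xFFFFFFFF80000000ULL) {
            hits++;
            if (requested_pos)
                *requested_pos = (uint32_t)pos;
        }
        p += strlen(tag);
    }
    return hits;
}

int main(void)
{
    uint64_t pos = 2400755712ULL, len = 3154, recovered = 0;

    printf("before fix: %s\n",
           select_before_fix(pos, len) == FS_FETCHDATA ? "FS.FetchData" : "FS.FetchData64");
    printf("server sees Pos %llu\n",
           (unsigned long long)server_view_fetchdata(pos));
    printf("after fix (64-bit capable server): %s\n",
           select_after_fix(VICED_CAPABILITY_64BITFILES) == FS_FETCHDATA64
               ? "FS.FetchData64" : "FS.FetchData");
    if (scan_filelog(SAMPLE_LOG, &recovered) > 0)
        printf("log shows sign-extended read, requested Pos %llu\n",
               (unsigned long long)recovered);
    return 0;
}
```

The recovered position plus the logged length equals the logged file size (2400755712 + 3154 = 2400758866), so the failing request was a read of the tail of the file.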
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux s afs client switches between them when talking to a non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This is a problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64 - and alsoFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData - that uses *unsigned*32-bit values. It s also not a problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloning a git repo through an OpenAFS client to anOpenAFS server and then doing git status on it from a Linux afsclient[1]. 
Provided the clone has a pack file that s in the 2G-4G range,the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the server s FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability Analysis: Structured Feedback
Impact analysis:
In the Linux kernel, the following vulnerability has been resolved:

afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value.

This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values.

Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values.

This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that.

Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values.

This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing "git status" on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like:

```
error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
```

This can be observed in the server's FileLog with something like the following appearing:

```
Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001
Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001
Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154
Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866
...
Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5
```

Note the file position of 18446744071815340032. This is the requested file position sign-extended.
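The sign extension described above can be reproduced in user space. The following C program is an added example, not code from the kernel or from OpenAFS: the function names are hypothetical, the bit value given to VICED_CAPABILITY_64BITFILES is an assumption (the page names the flag but not its value), and the read position is derived from the FileLog excerpt as file size minus Len (2400758866 - 3154 = 2400755712).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed bit value for this example; the page names the flag only. */
#define VICED_CAPABILITY_64BITFILES 0x0002u

static uint32_t upper_32_bits(uint64_t v)
{
    return (uint32_t)(v >> 32);
}

/*
 * Pre-fix selection as described on the page: the 64-bit RPC is chosen
 * only when pos, len or pos + len has any of its upper 32 bits set.
 * Everything below 4G therefore goes out as FS.FetchData.
 */
bool old_use_fetchdata64(uint64_t pos, uint64_t len)
{
    return upper_32_bits(pos) || upper_32_bits(len) ||
           upper_32_bits(pos + len);
}

/*
 * Post-fix selection as described on the page: the decision depends on
 * what the fileserver advertised via FS.GetCapabilities, not on the
 * parameter values.
 */
bool new_use_fetchdata64(uint32_t server_caps)
{
    return (server_caps & VICED_CAPABILITY_64BITFILES) != 0;
}

/*
 * Model of a server that decodes the FS.FetchData position field as a
 * signed 32-bit value and then widens it to 64 bits for file I/O.
 */
uint64_t fetchdata_pos_seen_by_server(uint64_t pos)
{
    uint32_t wire = (uint32_t)pos;      /* what goes on the wire */
    int64_t decoded = wire;             /* start from the unsigned value */

    if (wire >= 0x80000000u)            /* top bit set: negative as int32 */
        decoded -= (int64_t)1 << 32;
    return (uint64_t)decoded;           /* sign-extended 64-bit offset */
}

int main(void)
{
    /* Values taken from the FileLog excerpt on the page. */
    const uint64_t file_size = 2400758866ULL;
    const uint64_t len = 3154;
    const uint64_t pos = file_size - len;   /* 2400755712, between 2G and 4G */

    printf("requested pos          : %llu\n", (unsigned long long)pos);
    printf("old logic picks 64-bit : %s\n",
           old_use_fetchdata64(pos, len) ? "yes" : "no");
    printf("pos seen by server     : %llu\n",
           (unsigned long long)fetchdata_pos_seen_by_server(pos));
    printf("new logic picks 64-bit : %s (server advertises 64BITFILES)\n",
           new_use_fetchdata64(VICED_CAPABILITY_64BITFILES) ? "yes" : "no");
    return 0;
}
```

For triage, a FetchData_RXStyle "Pos" value above 2^63 in a fileserver's FileLog is the server-side trace of an unpatched client reading in the 2G-4G range.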
</details>
</details>
</details>
</details>
</details>
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:

afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value.

This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values.

Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values.

This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that.

Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values.

This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing git status on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like:

    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index

This can be observed in the server's FileLog with something like the following appearing:

    Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001
    Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866
    ...
    Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5

Note the file position of 18446744071815340032. This is the requested file position sign-extended.
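
The sign extension in the FileLog excerpt can be reproduced with the page's own numbers. The following is an added example, not code from the kernel patch: the function names and the numeric value of the capability bit are assumptions made for the illustration, and the requested position 2400755712 is derived from the logged file size minus the logged length.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the VICED_CAPABILITY_64BITFILES bit. The numeric value is
 * chosen for this example and is not taken from the page. */
#define EX_CAP_64BITFILES 0x2u

enum fetch_op { OP_FETCHDATA, OP_FETCHDATA64 };

/* Same idea as the kernel's upper_32_bits(): the top half of a 64-bit value. */
static uint32_t upper32(uint64_t v)
{
    return (uint32_t)(v >> 32);
}

/* Pre-fix selection as the description states it: switch on the parameter
 * values. Anything below 4G, including the 2G-4G range, picks FS.FetchData. */
enum fetch_op pick_by_value(uint64_t pos, uint64_t len)
{
    if (upper32(pos) || upper32(len) || upper32(pos + len))
        return OP_FETCHDATA64;
    return OP_FETCHDATA;
}

/* Post-fix selection: decided by what the fileserver advertised in its
 * FS.GetCapabilities reply, independent of the request parameters. */
enum fetch_op pick_by_capability(uint32_t server_caps)
{
    return (server_caps & EX_CAP_64BITFILES) ? OP_FETCHDATA64 : OP_FETCHDATA;
}

/* Position a server ends up with when it decodes the 32-bit wire field as
 * signed and widens it to 64 bits. Done arithmetically so the result does
 * not depend on implementation-defined integer conversions. */
uint64_t pos_seen_by_server(uint64_t pos)
{
    uint32_t wire = (uint32_t)pos;
    int64_t decoded = (wire & 0x80000000u)
                          ? (int64_t)wire - (INT64_C(1) << 32)
                          : (int64_t)wire;
    return (uint64_t)decoded;
}

/* Added check (not part of the patch): can this request be carried in
 * signed 32-bit position and length fields without changing meaning? */
bool fits_signed32(uint64_t pos, uint64_t len)
{
    return pos <= INT32_MAX && len <= INT32_MAX;
}

int main(void)
{
    /* Constructed input: file size 2400758866 minus Len 3154 from the log. */
    uint64_t pos = 2400755712ULL, len = 3154;

    printf("value-based choice : %s\n",
           pick_by_value(pos, len) == OP_FETCHDATA ? "FS.FetchData"
                                                   : "FS.FetchData64");
    printf("fits signed 32-bit : %s\n", fits_signed32(pos, len) ? "yes" : "no");
    printf("server-side Pos    : %" PRIu64 "\n", pos_seen_by_server(pos));
    printf("capability choice  : %s\n",
           pick_by_capability(EX_CAP_64BITFILES) == OP_FETCHDATA64
               ? "FS.FetchData64"
               : "FS.FetchData");
    return 0;
}
```

The server-side value matches the `Pos` in the FileLog line, which gives a simple detection rule for fileserver logs: a FetchData position far above the logged file size and close to 2^64 indicates a client affected by this bug.
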
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis: structured feedback
Impact analysis notes:
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis: structured feedback
Impact analysis notes:
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis: structured feedback
Impact analysis notes:
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis: structured feedback
Impact analysis notes:
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis: structured feedback
Impact analysis notes:
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis: structured feedback
Impact analysis notes:
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis: structured feedback
Impact analysis notes:
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinuxs afs client switches between them when talking toa non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This isa problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64- and alsoFS.StoreData or FS.StoreData64- rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData- that uses *unsigned*32-bit values. Its also nota problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloninga git repo through an OpenAFS client to anOpenAFS server and then doing git status on it froma Linux afsclient[1]. 
Provided the clone hasa pack file thats in the 2G-4G range,the git status will show errors like:error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexerror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the servers FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid= 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis structured feedback
Impact analysis:
In the Linux kernel, the following vulnerability has been resolved:

afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value.

This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values.

Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values.

This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that.

Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values.

This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing git status on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like:

    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index

This can be observed in the server's FileLog with something like the following appearing:

    Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001
    Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866
    ...
    Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5

Note the file position of 18446744071815340032. This is the requested file position sign-extended.
</details>
</details>
</details>
</details>
</details>
</details>
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
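The sign extension and the two op-selection rules described above, as an added C example (not the kernel's or OpenAFS's code). The function names and the `CAP_64BITFILES` bit value are assumptions for illustration; position 2400755712 is the 32-bit value whose sign extension gives the `Pos` seen in the FileLog.

```c
#include <stdint.h>
#include <stdio.h>

enum fetch_op { OP_FETCHDATA, OP_FETCHDATA64 };

/* Stand-in for VICED_CAPABILITY_64BITFILES; the bit value is an assumption. */
#define CAP_64BITFILES 0x2u

static uint32_t upper_32_bits(uint64_t v) { return (uint32_t)(v >> 32); }

/* Pre-fix rule as described: switch on the parameter values. */
enum fetch_op select_op_by_value(uint64_t pos, uint64_t len)
{
    if (upper_32_bits(pos) || upper_32_bits(len) || upper_32_bits(pos + len))
        return OP_FETCHDATA64;
    return OP_FETCHDATA;
}

/* Post-fix rule as described: switch on what the fileserver advertised
 * in its FS.GetCapabilities reply. */
enum fetch_op select_op_by_capability(uint32_t server_caps)
{
    return (server_caps & CAP_64BITFILES) ? OP_FETCHDATA64 : OP_FETCHDATA;
}

/* What a server sees when the position travels in FS.FetchData's 32-bit
 * field and is decoded as a *signed* value, then widened to 64 bits. */
uint64_t server_view_of_pos(uint64_t client_pos)
{
    uint32_t wire = (uint32_t)client_pos;          /* low 32 bits on the wire */
    int64_t wide = (wire >= 0x80000000u)
                     ? (int64_t)wire - 4294967296LL /* negative as int32 */
                     : (int64_t)wire;
    return (uint64_t)wide;                         /* sign-extended value */
}

/* True when the pre-fix rule picks FS.FetchData although the server will
 * not see the position the client asked for (the 2G-4G window). */
int in_corruption_window(uint64_t pos, uint64_t len)
{
    return select_op_by_value(pos, len) == OP_FETCHDATA &&
           server_view_of_pos(pos) != pos;
}

int main(void)
{
    /* Constructed from the FileLog excerpt: Len 3154, file size 2400758866. */
    uint64_t pos = 2400755712ULL, len = 3154ULL;

    printf("client pos      : %llu\n", (unsigned long long)pos);
    printf("pre-fix op      : %s\n",
           select_op_by_value(pos, len) == OP_FETCHDATA ? "FS.FetchData"
                                                        : "FS.FetchData64");
    printf("server sees pos : %llu\n",
           (unsigned long long)server_view_of_pos(pos));
    printf("post-fix op     : %s\n",
           select_op_by_capability(CAP_64BITFILES) == OP_FETCHDATA64
               ? "FS.FetchData64" : "FS.FetchData");
    return 0;
}
```
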
</details>
</details>
</details>
</details>
</details>
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS serverAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinuxs afs client switches between them when talking toa non-YFS serverif the read size, the file position or the sum of the two have the upper 32bits set of the 64-bit value.This isa problem, however, since the file position and length fields ofFS.FetchData are *signed* 32-bit values.Fix this by capturing the capability bits obtained from the fileserver whenit s sent an FS.GetCapabilities RPC, rather than just discarding them, andthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then beused to decide whether to use FS.FetchData or FS.FetchData64- and alsoFS.StoreData or FS.StoreData64- rather than using upper_32_bits() toswitch on the parameter values.This capabilities flag could also be used to limit the maximum size of thefile, but all servers must be checked for that.Note that the issue does not exist with FS.StoreData- that uses *unsigned*32-bit values. Its also nota problem with Auristor servers as itsYFS.FetchData64 op uses unsigned 64-bit values.This can be tested by cloninga git repo through an OpenAFS client to anOpenAFS server and then doing git status on it froma Linux afsclient[1]. 
Provided the clone hasa pack file thats in the 2G-4G range,the git status will show errors like:error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexerror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match indexThis can be observed in the servers FileLog with something like thefollowing appearing:Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid= 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866...Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5Note the file position of 18446744071815340032. This is the requested fileposition sign-extended.
In the Linux kernel, the following vulnerability has been resolved:

afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value.

This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values.

Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values.

This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that.

Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values.

This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing git status on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like:

```
error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
```

This can be observed in the server's FileLog with something like the following appearing:

```
Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001
Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001
Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154
Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866
...
Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5
```

Note the file position of 18446744071815340032. This is the requested file position sign-extended.
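The sign extension visible in the FileLog excerpt above, worked through in C as an added example (not code from the kernel patch or from OpenAFS). The function names and the `EXAMPLE_CAP_64BITFILES` bit value are assumptions made for illustration; the logged position, length and file size are the ones quoted in the description.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: placeholder bit standing in for the VICED_CAPABILITY_64BITFILES
 * flag named in the description; the page does not give its real value. */
#define EXAMPLE_CAP_64BITFILES 0x1u

enum fetch_op { OP_FETCHDATA, OP_FETCHDATA64 };

/* Same idea as the kernel's upper_32_bits(): the top half of a 64-bit value. */
static uint32_t upper32(uint64_t v)
{
    return (uint32_t)(v >> 32);
}

/* Selection as described before the fix: switch on the parameter values. */
enum fetch_op select_by_value(uint64_t pos, uint64_t len)
{
    if (upper32(pos) || upper32(len) || upper32(pos + len))
        return OP_FETCHDATA64;
    return OP_FETCHDATA;
}

/* Selection as described after the fix: switch on what the server advertised. */
enum fetch_op select_by_capability(uint32_t server_caps)
{
    return (server_caps & EXAMPLE_CAP_64BITFILES) ? OP_FETCHDATA64
                                                  : OP_FETCHDATA;
}

/* What a server sees when it decodes the 32-bit position field as signed
 * and widens it to 64 bits: bit 31 is copied into the upper 32 bits. */
uint64_t server_view_of_pos32(uint64_t client_pos)
{
    uint64_t wire = client_pos & 0xFFFFFFFFull;

    if (wire & 0x80000000ull)
        wire |= 0xFFFFFFFF00000000ull;
    return wire;
}

/* Recover the position the client asked for from a sign-extended log value. */
uint64_t requested_pos_from_log(uint64_t logged_pos)
{
    return logged_pos & 0xFFFFFFFFull;
}

/* True when value-based selection picks FS.FetchData for a position that a
 * signed 32-bit field cannot represent, i.e. the 2G-4G window. */
bool pos_misread_by_fetchdata(uint64_t pos, uint64_t len)
{
    return select_by_value(pos, len) == OP_FETCHDATA &&
           server_view_of_pos32(pos) != pos;
}

int main(void)
{
    /* Values quoted from the FileLog excerpt in the description. */
    const uint64_t logged_pos = 18446744071815340032ull;
    const uint64_t logged_len = 3154;
    const uint64_t file_size = 2400758866ull;

    uint64_t pos = requested_pos_from_log(logged_pos);

    printf("requested pos       : %" PRIu64 "\n", pos);
    printf("pos + len           : %" PRIu64 " (file size %" PRIu64 ")\n",
           pos + logged_len, file_size);
    printf("server view of pos  : %" PRIu64 "\n", server_view_of_pos32(pos));
    printf("value-based choice  : %s\n",
           select_by_value(pos, logged_len) == OP_FETCHDATA
               ? "FS.FetchData (misread)" : "FS.FetchData64");
    printf("capability choice   : %s\n",
           select_by_capability(EXAMPLE_CAP_64BITFILES) == OP_FETCHDATA64
               ? "FS.FetchData64" : "FS.FetchData");
    return 0;
}
```

The recovered position plus the logged length equals the logged file size, so the failing request was a read of the last 3154 bytes of the file.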
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis structured feedback
Impact analysis notes:
</details>
</details>
</details>
</details>
</details>
</details>
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
II. Vulnerability analysis structured feedback
Impact analysis description:
In the Linux kernel, the following vulnerability has been resolved:

afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value.

This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values.

Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values.

This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that.

Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values.

This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing git status on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like:

    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index
    error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index

This can be observed in the server's FileLog with something like the following appearing:

    Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001
    Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154
    Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866
    ...
    Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5

Note the file position of 18446744071815340032. This is the requested file position sign-extended.
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
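The sign extension in the FileLog excerpt, reproduced as an added example that is not the kernel patch or part of the original advisory. The requested position 2400755712 is derived here from the logged Pos (its low 32 bits; adding Len 3154 gives the logged file size), and `EXAMPLE_CAP_64BITFILES` and the function names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in bit for this example only; the kernel headers define the real
 * VICED_CAPABILITY_64BITFILES value. */
#define EXAMPLE_CAP_64BITFILES 0x2u

enum fetch_op { FS_FETCHDATA, FS_FETCHDATA64 };

static uint32_t upper_32_bits_of(uint64_t v)
{
    return (uint32_t)(v >> 32);
}

/* Selection before the fix: switch on the parameter values. Anything in
 * the 2G-4G range still has its upper 32 bits clear. */
enum fetch_op choose_by_params(uint64_t pos, uint64_t len)
{
    if (upper_32_bits_of(pos) || upper_32_bits_of(len) ||
        upper_32_bits_of(pos + len))
        return FS_FETCHDATA64;
    return FS_FETCHDATA;
}

/* Selection after the fix: switch on what the fileserver advertised in
 * its FS.GetCapabilities reply. */
enum fetch_op choose_by_caps(uint32_t caps)
{
    return (caps & EXAMPLE_CAP_64BITFILES) ? FS_FETCHDATA64 : FS_FETCHDATA;
}

/* The value a server works with when a position travels in the signed
 * 32-bit field of FS.FetchData and is then widened to 64 bits. */
uint64_t pos_seen_by_server(uint64_t pos)
{
    uint32_t wire = (uint32_t)pos;              /* low 32 bits go on the wire */
    int64_t widened = (wire & 0x80000000u)
        ? (int64_t)wire - 4294967296LL          /* bit 31 set: negative */
        : (int64_t)wire;
    return (uint64_t)widened;                   /* printed as unsigned 64-bit */
}

int main(void)
{
    /* Derived from the FileLog excerpt: low 32 bits of the logged Pos. */
    uint64_t pos = 2400755712ULL, len = 3154;

    printf("param-based choice: %s\n",
           choose_by_params(pos, len) == FS_FETCHDATA
               ? "FS.FetchData" : "FS.FetchData64");
    printf("server sees Pos %llu\n",
           (unsigned long long)pos_seen_by_server(pos));
    printf("capability-based choice: %s\n",
           choose_by_caps(EXAMPLE_CAP_64BITFILES) == FS_FETCHDATA64
               ? "FS.FetchData64" : "FS.FetchData");
    return 0;
}
```
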
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>
| linux | | https://git.kernel.org/linus/b537a3c21775075395af475dcc6ef212fcf29db8 | https://git.kernel.org/linus/b9b1f8d5930a813879278d0cbfc8c658d6a038dc | ubuntu |
</details>