Prohibit unbounded arrays in XDR protocols
authorDaniel P. Berrange <berrange@redhat.com>
Mon, 19 Aug 2013 14:17:20 +0000 (15:17 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Thu, 29 Aug 2013 14:36:13 +0000 (15:36 +0100)
The use of <> is a security issue for RPC parameters, since a
malicious client can set a huge array length causing arbitrary
memory allocation in the daemon.

It is also a robustness issue for RPC return values, because if
the stream is corrupted, it can cause the client to also allocate
arbitrary memory.

Use a syntax-check rule to prohibit any use of <>

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
cfg.mk

diff --git a/cfg.mk b/cfg.mk
index 23564f13e89865ad4c37e46f200aab59b5527d54..9a9616c5ec1b42a9720b3c59e53b9564868f9fdb 100644 (file)
--- a/cfg.mk
+++ b/cfg.mk
@@ -836,6 +836,12 @@ sc_prohibit_config_h_in_headers:
        halt='headers should not include <config.h>'                    \
          $(_sc_search_regexp)
 
+sc_prohibit_unbounded_arrays_in_rpc:
+       @prohibit='<>'                                                  \
+       in_vc_files='\.x$$'                                             \
+       halt='Arrays in XDR must have a upper limit set for <NNN>'      \
+         $(_sc_search_regexp)
+
 
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
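Review bot: The `prohibit='<>'` pattern in sc_prohibit_unbounded_arrays_in_rpc matches only the two brackets written adjacently, so an unbounded declaration with whitespace between them (for example `opaque data< >;`), which an XDR compiler would presumably tokenize the same way, would pass the check and leave the peer-controlled allocation length the commit message describes. Assuming `_sc_search_regexp` applies the pattern as an extended regex, `@prohibit='<[[:space:]]*>'` would close that gap. The halt text should read `an upper limit` rather than `a upper limit`. The rule only proves that a bound is present, not that it is reasonable, so a comment above it such as `# Every variable-length XDR array/string/opaque needs an explicit <LIMIT>; the limit bounds what a peer can make us allocate.` would remind reviewers to check the chosen constants as well.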