redbo / cloudfuse

Filesystem (fuse) implemented on Mosso's Cloud Files
http://redbo.github.com/cloudfuse/
MIT License
Buffer overflow with PKI tokens #55

Open olim7t opened 11 years ago

olim7t commented 11 years ago

Cloudfuse uses a 4KB buffer to build request headers.

Starting with the Grizzly version, OpenStack can be configured to use PKI tokens, which are significantly larger than UUIDs (~ 4700 bytes in our tests). The buffer overflows, the end of the token is truncated and authentication fails.

Quick fix: raise the max header size in cloudfsapi.h.

    #define MAX_HEADER_SIZE 8192
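
The failure mode described in this issue, as an added example that is not cloudfuse's code and not part of the original thread: a header formatted with `snprintf` into a fixed buffer is cut short silently unless the return value is checked. The `X-Auth-Token` header name, the function names and the constructed 4700-byte token are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OLD_MAX_HEADER_SIZE 4096   /* the 4KB buffer described in the issue */
#define NEW_MAX_HEADER_SIZE 8192   /* the quick-fix value from the issue */

/* Format "name: value" into buf. Returns 0 on success, -1 if the header
 * does not fit (snprintf alone would truncate it without any error). */
int build_header(char *buf, size_t buflen, const char *name, const char *value)
{
    int n = snprintf(buf, buflen, "%s: %s", name, value);
    if (n < 0 || (size_t)n >= buflen) {
        if (buflen > 0)
            buf[0] = '\0';   /* never hand a partial token to the caller */
        return -1;
    }
    return 0;
}

/* Size-independent variant (hypothetical helper): allocate exactly what the
 * header needs. Caller frees the result; returns NULL on failure. */
char *build_header_alloc(const char *name, const char *value)
{
    int n = snprintf(NULL, 0, "%s: %s", name, value);   /* measure only */
    if (n < 0)
        return NULL;
    char *buf = malloc((size_t)n + 1);
    if (buf != NULL)
        snprintf(buf, (size_t)n + 1, "%s: %s", name, value);
    return buf;
}

int main(void)
{
    char token[4701], small[OLD_MAX_HEADER_SIZE], large[NEW_MAX_HEADER_SIZE];
    memset(token, 'A', sizeof token - 1);   /* constructed stand-in for a PKI token */
    token[sizeof token - 1] = '\0';
    printf("4KB buffer: %d\n", build_header(small, sizeof small, "X-Auth-Token", token));
    printf("8KB buffer: %d\n", build_header(large, sizeof large, "X-Auth-Token", token));
    return 0;
}
```

Raising the constant only moves the limit; the return-value check or the allocating variant turns an oversized token into an explicit error instead of a failed authentication.
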

SoftDed commented 10 years ago

Problem was solved in commit https://github.com/redbo/cloudfuse/commit/0a51180973ee825defa557a40c343c2b40f83b04