git.michaelhowe.org Git - packages/o/openafs.git/commit
OPENAFS-SA-2016-002 VldbListByAttributes information leak
author Benjamin Kaduk <kaduk@mit.edu>
Tue, 15 Mar 2016 04:15:20 +0000 (23:15 -0500)
committer Benjamin Kaduk <kaduk@mit.edu>
Wed, 16 Mar 2016 04:03:33 +0000 (00:03 -0400)
commit 5c4afd5558efcd54152d0be4d56c90e4c6860ef9
tree af3751ef32197e67776030267a7e148eb3eabe39
parent 3ed975016290f916047fe2ac04303ee393e18a7a
OPENAFS-SA-2016-002 VldbListByAttributes information leak

The VldbListByAttributes structure is used as an input to several
RPCs; it contains a Mask field that controls
which of the other fields will actually be read by the server
during the RPC processing.  Unfortunately, the client only
wrote to the fields indicated by the mask, leaving the other
fields uninitialized for transmission on the wire, leaking
some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e
src/bucoord/commands.c
src/libadmin/vos/vsprocs.c
src/volser/vos.c
src/volser/vsprocs.c
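
The leak described in the commit message, as an added C example that is not part of this commit or of OpenAFS. The struct list_attrs, its field names, the mask bits and the sample values are hypothetical stand-ins, and stale client memory is simulated with a constructed 0xA5 fill so the result is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mask bits and struct: a simplified stand-in, not OpenAFS's definition. */
#define ATTR_SERVER    0x1u
#define ATTR_PARTITION 0x2u
#define ATTR_VOLUMEID  0x4u
#define ATTR_FLAG      0x8u
struct list_attrs {
    uint32_t mask;                 /* says which fields below the server will read */
    uint32_t server, partition, volume_id, flag;
};

/* Fixed-layout marshalling: every field goes on the wire, whatever the mask says. */
static void marshal(const struct list_attrs *a, uint32_t wire[5])
{
    wire[0] = a->mask;  wire[1] = a->server;  wire[2] = a->partition;
    wire[3] = a->volume_id;  wire[4] = a->flag;
}

/* Count wire words that the mask does not select but that still carry data. */
static int leaked_words(const uint32_t wire[5])
{
    static const uint32_t bits[4] = { ATTR_SERVER, ATTR_PARTITION, ATTR_VOLUMEID, ATTR_FLAG };
    int i, n = 0;
    for (i = 0; i < 4; i++)
        if (!(wire[0] & bits[i]) && wire[i + 1] != 0)
            n++;
    return n;
}

/* Build a "list by server" request; zero_first selects the fixed behaviour. */
int demo(int zero_first)
{
    struct list_attrs a;
    uint32_t wire[5];
    memset(&a, 0xA5, sizeof(a));             /* constructed stand-in for stale client memory */
    if (zero_first) memset(&a, 0, sizeof(a)); /* the fix: zero the whole structure before use */
    a.mask = ATTR_SERVER;                    /* caller writes only the fields the mask names */
    a.server = 0x0A000001u;                  /* constructed sample value */
    marshal(&a, wire);
    return leaked_words(wire);
}

int main(void)
{
    printf("unmasked words sent: %d without zeroing, %d with\n", demo(0), demo(1));
    return 0;
}
```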