git.michaelhowe.org Git - packages/o/openafs.git/commit
OPENAFS-SA-2016-002 ListAddrByAttributes information leak
author Benjamin Kaduk <kaduk@mit.edu>
Tue, 15 Mar 2016 04:15:20 +0000 (23:15 -0500)
committer Benjamin Kaduk <kaduk@mit.edu>
Wed, 16 Mar 2016 04:03:33 +0000 (00:03 -0400)
commit becf282ecf9bec3f266d4f8403c1e93d22ab455a
tree bad9c44271a9d33b2e46e6185c5b2ff1d7109436
parent 5c4afd5558efcd54152d0be4d56c90e4c6860ef9

The ListAddrByAttributes structure is used as an input to the GetAddrsU
RPC; it contains a Mask field that controls which of the other fields
will actually be read by the server during the RPC processing.
Unfortunately, the client only wrote to the fields indicated by the
mask, leaving the other fields uninitialized for transmission on the
wire, leaking some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e
src/libadmin/vos/afs_vosAdmin.c
src/venus/cacheout.c
src/vlserver/vlclient.c
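
The leak pattern the commit message describes, and the zero-before-use fix, shown as an added example that is not code from OpenAFS or from this commit. The struct `addr_attrs`, the `ATTR_INDEX` bit, the helper names and the 0xA5 fill standing in for leftover client memory are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_INDEX 0x2u  /* hypothetical mask bit: "index field is valid" */
#define WIRE_LEN   32
#define STALE      0xA5  /* constructed marker for leftover memory contents */

/* Simplified stand-in for a mask-selected RPC input structure. */
struct addr_attrs {
    uint32_t mask;      /* tells the server which fields to read */
    uint32_t ipaddr;
    uint32_t index;
    uint32_t spare;
    uint8_t  uuid[16];
};

/* The marshaller sends every field; it knows nothing about the mask. */
static void encode(const struct addr_attrs *a, uint8_t out[WIRE_LEN]) {
    const uint32_t w[4] = { a->mask, a->ipaddr, a->index, a->spare };
    for (int i = 0; i < 4; i++)
        for (int b = 0; b < 4; b++)
            out[i * 4 + b] = (uint8_t)(w[i] >> (24 - 8 * b));
    memcpy(out + 16, a->uuid, sizeof(a->uuid));
}

/* Client fills only the masked field; zero_first selects the fixed form. */
static void build_by_index(struct addr_attrs *slot, uint32_t index, int zero_first) {
    if (zero_first)
        memset(slot, 0, sizeof(*slot));   /* the fix: clear the whole struct */
    slot->mask = ATTR_INDEX;
    slot->index = index;
}

/* Count wire bytes that still carry the leftover-memory marker. */
static size_t stale_bytes_on_wire(int zero_first) {
    struct addr_attrs slot;
    uint8_t wire[WIRE_LEN];
    size_t n = 0;
    memset(&slot, STALE, sizeof(slot));   /* simulate reused stack memory */
    build_by_index(&slot, 7, zero_first);
    encode(&slot, wire);
    for (size_t i = 0; i < WIRE_LEN; i++) n += (wire[i] == STALE);
    return n;
}

int main(void) {
    printf("leaked without zeroing: %zu, with zeroing: %zu\n",
           stale_bytes_on_wire(0), stale_bytes_on_wire(1));
    return 0;
}
```
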