]> git.michaelhowe.org Git - packages/o/openafs.git/commit
projects / packages / o / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 43b3efd) | patch
OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry information leak
authorMark Vitale <mvitale@sinenomine.net>
Tue, 26 Jun 2018 09:26:21 +0000 (05:26 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 23:35:07 +0000 (18:35 -0500)
commitc912830e9c82d91bccf85018ef1e6a75edc410c4
tree1d9bc257a51a540ef603182257bfdb1132b6ebe4tree | snapshot
parent43b3efd4f8cd3227b2b24ff673adeb834f6a3f0bcommit | diff
OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry information leak

KAM_ListEntry (kas list) does not initialize its output correctly.  It
leaks kaserver memory contents over the wire:

struct kaindex
- up to 64 bytes for member name
- up to 64 bytes for member instance

Initialize the buffer.

[kaduk@mit.edu: move initialization to top of server routine]

(cherry picked from commit b604ee7add7be416bf20973422a041e913d20761)

Change-Id: Ic40bb2d5af409399c11a378340ba92174e26112f
src/kauth/kaprocs.c diff | blob | history