OPENAFS-SA-2018-002 ubik: prevent VOTE_Debug, VOTE_XDebug information leak

VOTE_Debug and VOTE_XDebug (udebug) both leave a single field
uninitialized if there is no current transaction.  This leaks the memory
contents of the ubik server over the wire.

struct ubik_debug
- 4 bytes in member writeTrans

In common code to both RPCs, ensure that writeTrans is always
initialized.

[kaduk@mit.edu: switch to memset]

(cherry picked from commit 7a7c1f751cdb06c0d95339c999b2c035c2d2168b)

Change-Id: I2759989bf1a5190f9f03621218224c47094a88b7

diff --git a/src/ubik/vote.c b/src/ubik/vote.c
index ba4ff5a807456597e7db24aa4ba5f447c3c90492..2cf1887ecb9bde512c36e251580649a2086f8426 100644 (file)
--- a/src/ubik/vote.c
+++ b/src/ubik/vote.c
@@ -403,6 +403,7 @@ SVOTE_Debug(struct rx_call * rxcall, struct ubik_debug * aparm)
     /* fill in the basic debug structure.  Note the the RPC protocol transfers,
      * integers in host order. */
 
+    memset(aparm, 0, sizeof(*aparm));
     aparm->now = FT_ApproxTime();
     aparm->lastYesTime = vote_globals.ubik_lastYesTime;
     aparm->lastYesHost = ntohl(vote_globals.lastYesHost);