]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e19ad4c)
OPENAFS-SA-2018-002 afs: prevent RXAFSCB_GetLock information leak
authorMark Vitale <mvitale@sinenomine.net>
Tue, 26 Jun 2018 07:47:41 +0000 (03:47 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 23:34:59 +0000 (18:34 -0500)
RXAFSCB_GetLock (cmdebug) does not correctly initialize its output.
This leaks kernel memory over the wire:

struct AFSDBLock
- up to 14 bytes for member name (16 - '<cellname>\0')

Initialize the buffer.

(cherry picked from commit b52eb11a08f2ad786238434141987da27b81e743)

Change-Id: If84c5d9d805356cd56be77313149a931a948b4d5

src/afs/afs_callback.c patch | blob | history

diff --git a/src/afs/afs_callback.c b/src/afs/afs_callback.c
index 61b2a75b7a20b3af63e2152cf58849872eaac41d..2bad7c94af766a587e18e153a4cc167aa191386f 100644 (file)
--- a/src/afs/afs_callback.c
+++ b/src/afs/afs_callback.c
@@ -306,6 +306,7 @@ SRXAFSCB_GetLock(struct rx_call *a_call, afs_int32 a_index,
     XSTATS_START_CMTIME(AFS_STATS_CM_RPCIDX_GETLOCK);
 
     AFS_STATCNT(SRXAFSCB_GetLock);
+    memset(a_result, 0, sizeof(*a_result));
     nentries = sizeof(ltable) / sizeof(struct ltable);
     if (a_index < 0 || a_index >= nentries+afs_cellindex) {
        /*