]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b7e53b9)
OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information leaks
authorMark Vitale <mvitale@sinenomine.net>
Tue, 26 Jun 2018 09:12:32 +0000 (05:12 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 23:35:06 +0000 (18:35 -0500)
TC_ScanStatus (backup status) and TC_GetStatus (internal backup status
watcher) do not initialize their output buffers.  They leak memory
contents over the wire:

struct tciStatusS
- up to 64 bytes in member taskName (TC_MAXNAMELEN 64)
- up to 64 bytes in member volumeName  "

Initialize the buffers.

[kaduk@mit.edu: move initialization to top of server routines]

(cherry picked from commit be0142707ca54f3de99c4886530e7ac9f48dd61c)

Change-Id: I7a97ad1dbab004938085b401929d4925d80ff3b2

src/butc/tcstatus.c patch | blob | history

diff --git a/src/butc/tcstatus.c b/src/butc/tcstatus.c
index fbe46a49f95d8b8c10d7affa829859c635138bf7..db06b514fe765c476f3eccc3355a8f7ce47df482 100644 (file)
--- a/src/butc/tcstatus.c
+++ b/src/butc/tcstatus.c
@@ -46,14 +46,13 @@ STC_GetStatus(struct rx_call *call, afs_uint32 taskId,
     statusP ptr;
     int retval = 0;
 
+    memset(statusPtr, 0, sizeof(*statusPtr));
     if (callPermitted(call) == 0)
        return (TC_NOTPERMITTED);
 
     lock_Status();
     ptr = findStatus(taskId);
     if (ptr) {
-       /* strcpy(statusPtr->status, ptr->status); */
-
        strcpy(statusPtr->taskName, ptr->taskName);
        strcpy(statusPtr->volumeName, ptr->volumeName);
        statusPtr->taskId = ptr->taskId;
@@ -133,6 +132,7 @@ STC_ScanStatus(struct rx_call *call, afs_uint32 *taskId,
     statusP ptr = 0;
     dlqlinkP dlqPtr;
 
+    memset(statusPtr, 0, sizeof(*statusPtr));
     if (callPermitted(call) == 0)
        return (TC_NOTPERMITTED);