RXAFSCB_TellMeAboutYourself does not completely initialize its output
buffers. This leaks kernel memory over the wire:
struct interfaceAddr
Unix cache manager (libafs)
- up to 124 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 * 4) - 4))
- up to 124 bytes in array subnetmask "
- up to 124 bytes in array mtu "
Windows cache manager
- 64 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 - CM_MAXINTERFACE_ADDR 16)* 4)
- 64 bytes in array subnetmask "
- 64 bytes in array mtu "
The following implementations of SRXAFSCB_TellMeAboutYourself are not susceptible:
- fsprobe
- libafscp
- xstat_fs_test
Initialize the buffer.
(cherry picked from commit
211b6d6a4307006da1467b3be46912a3a5d7b20b)
Change-Id: I2fee5cc9c11ea42726c7c8f9a7d14eafee6142f0
}
/* return all network interface addresses */
+ memset(addr, 0, sizeof(*addr));
addr->numberOfInterfaces = cm_noIPAddr;
addr->uuid = cm_data.Uuid;
for ( i=0; i < cm_noIPAddr; i++ ) {
ObtainReadLock(&afs_xinterface);
/* return all network interface addresses */
+ memset(addr, 0, sizeof(*addr));
addr->numberOfInterfaces = afs_cb_interface.numberOfInterfaces;
addr->uuid = afs_cb_interface.uuid;
for (i = 0; i < afs_cb_interface.numberOfInterfaces; i++) {
projects / packages / o / openafs.git / commitdiff