]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5c4afd5)
OPENAFS-SA-2016-002 ListAddrByAttributes information leak
authorBenjamin Kaduk <kaduk@mit.edu>
Tue, 15 Mar 2016 04:15:20 +0000 (23:15 -0500)
committerBenjamin Kaduk <kaduk@mit.edu>
Wed, 16 Mar 2016 04:03:33 +0000 (00:03 -0400)
The ListAddrByAttributes structure is used as an input to the GetAddrsU
RPC; it contains a Mask field that controls which of the other fields
will actually be read by the server during the RPC processing.
Unfortunately, the client only wrote to the fields indicated by the
mask, leaving the other fields uninitialized for transmission on the
wire, leaking some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e

src/libadmin/vos/afs_vosAdmin.c patch | blob | history
src/venus/cacheout.c patch | blob | history
src/vlserver/vlclient.c patch | blob | history

diff --git a/src/libadmin/vos/afs_vosAdmin.c b/src/libadmin/vos/afs_vosAdmin.c
index bed8c494f6ea13e995319c1a0797f59d40295676..557feb90e709c3bd62f36f0e21152445c20938bc 100644 (file)
--- a/src/libadmin/vos/afs_vosAdmin.c
+++ b/src/libadmin/vos/afs_vosAdmin.c
@@ -1199,6 +1199,7 @@ GetServerRPC(void *rpc_specific, int slot, int *last_item,
     bulkaddrs addr_multi;
     int i;
 
+    memset(&m_attrs, 0, sizeof(m_attrs));
     /*
      * Check to see if this is a multihomed address server
      */
diff --git a/src/venus/cacheout.c b/src/venus/cacheout.c
index 2a390ade74a2996546654e0fc807a030511c6df1..3d44fd9fc70ca0ed749ec7ae6b07d5f0160c1288 100644 (file)
--- a/src/venus/cacheout.c
+++ b/src/venus/cacheout.c
@@ -71,6 +71,7 @@ ListServers(void)
     char hoststr[16];
     ListAddrByAttributes m_attrs;
 
+    memset(&m_attrs, 0, sizeof(m_attrs));
     memset(&addrs, 0, sizeof(addrs));
     memset(&spare3, 0, sizeof(spare3));
     code =
diff --git a/src/vlserver/vlclient.c b/src/vlserver/vlclient.c
index c7bfa7ee8e0f836e4f9f7b488a9e1b5176fbe119..b29c5d860c1c73bd4e43c9345ebd7cf3090b269b 100644 (file)
--- a/src/vlserver/vlclient.c
+++ b/src/vlserver/vlclient.c
@@ -824,6 +824,7 @@ handleit(struct cmd_syndesc *as, void *arock)
 
                        printf("[0x%x %u] (special multi-homed entry)\n",
                               *addrp, *addrp);
+                       memset(&attrs, 0, sizeof(attrs));
                        attrs.Mask = VLADDR_INDEX;
                        mhaddrs.bulkaddrs_val = 0;
                        mhaddrs.bulkaddrs_len = 0;
@@ -899,6 +900,7 @@ handleit(struct cmd_syndesc *as, void *arock)
 
                        addrs2.bulkaddrs_val = 0;
                        addrs2.bulkaddrs_len = 0;
+                       memset(&attrs, 0, sizeof(attrs));
                        attrs.Mask = VLADDR_INDEX;
                        attrs.index = (base * VL_MHSRV_PERBLK) + index;
                        code =