]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c12b3fe)
OPENAFS-SA-2016-002 ListAddrByAttributes information leak
authorBenjamin Kaduk <kaduk@mit.edu>
Tue, 15 Mar 2016 04:15:20 +0000 (23:15 -0500)
committerBenjamin Kaduk <kaduk@mit.edu>
Wed, 16 Mar 2016 04:04:00 +0000 (00:04 -0400)
The ListAddrByAttributes structure is used as an input to the GetAddrsU
RPC; it contains a Mask field that controls which of the other fields
will actually be read by the server during the RPC processing.
Unfortunately, the client only wrote to the fields indicated by the
mask, leaving the other fields uninitialized for transmission on the
wire, leaking some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: I9ccf814ceff206ddb3a74da97dc50b7e1e3c2014

src/libadmin/vos/afs_vosAdmin.c patch | blob | history
src/venus/cacheout.c patch | blob | history
src/vlserver/vlclient.c patch | blob | history

diff --git a/src/libadmin/vos/afs_vosAdmin.c b/src/libadmin/vos/afs_vosAdmin.c
index 49db8cb3116edb5d084410032ee08ab32e43900e..c93875d5d78f1bf1e14ac0c1dbb4fecc5f3930c4 100644 (file)
--- a/src/libadmin/vos/afs_vosAdmin.c
+++ b/src/libadmin/vos/afs_vosAdmin.c
@@ -1188,6 +1188,7 @@ GetServerRPC(void *rpc_specific, int slot, int *last_item,
     bulkaddrs addr_multi;
     int i;
 
+    memset(&m_attrs, 0, sizeof(m_attrs));
     /*
      * Check to see if this is a multihomed address server
      */
diff --git a/src/venus/cacheout.c b/src/venus/cacheout.c
index f7b1d5a2c16bc686742324b4b606902778fe1bb5..656bceb57ba806ece7c5de46f83c76c399e77559 100644 (file)
--- a/src/venus/cacheout.c
+++ b/src/venus/cacheout.c
@@ -60,6 +60,7 @@ ListServers(void)
     char hoststr[16];
     ListAddrByAttributes m_attrs;
 
+    memset(&m_attrs, 0, sizeof(m_attrs));
     memset(&addrs, 0, sizeof(addrs));
     memset(&spare3, 0, sizeof(spare3));
     code =
diff --git a/src/vlserver/vlclient.c b/src/vlserver/vlclient.c
index 7a62084e72977d16daeac8942ae805264d3d2748..e22af50e0d83cfbc9eca6f2b1506ef2fdbd4d510 100644 (file)
--- a/src/vlserver/vlclient.c
+++ b/src/vlserver/vlclient.c
@@ -803,6 +803,7 @@ handleit(struct cmd_syndesc *as, void *arock)
 
                        printf("[0x%x %u] (special multi-homed entry)\n",
                               *addrp, *addrp);
+                       memset(&attrs, 0, sizeof(attrs));
                        attrs.Mask = VLADDR_INDEX;
                        mhaddrs.bulkaddrs_val = 0;
                        mhaddrs.bulkaddrs_len = 0;
@@ -878,6 +879,7 @@ handleit(struct cmd_syndesc *as, void *arock)
 
                        addrs2.bulkaddrs_val = 0;
                        addrs2.bulkaddrs_len = 0;
+                       memset(&attrs, 0, sizeof(attrs));
                        attrs.Mask = VLADDR_INDEX;
                        attrs.index = (base * VL_MHSRV_PERBLK) + index;
                        code =