From: Mark Vitale <mvitale@sinenomine.net>
Date: Tue, 26 Jun 2018 10:01:16 +0000 (-0400)
Subject: OPENAFS-SA-2018-002 ubik: prevent VOTE_Debug, VOTE_XDebug information leak
X-Git-Tag: upstream/1.8.2^2~14
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=0ee86cc3f986365df9de21ede5735cc1f40db7e5;p=packages%2Fo%2Fopenafs.git

OPENAFS-SA-2018-002 ubik: prevent VOTE_Debug, VOTE_XDebug information leak

VOTE_Debug and VOTE_XDebug (udebug) both leave a single field
uninitialized if there is no current transaction.  This leaks the memory
contents of the ubik server over the wire.

struct ubik_debug
- 4 bytes in member writeTrans

In common code to both RPCs, ensure that writeTrans is always
initialized.

[kaduk@mit.edu: switch to memset]

(cherry picked from commit 7a7c1f751cdb06c0d95339c999b2c035c2d2168b)

Change-Id: I2759989bf1a5190f9f03621218224c47094a88b7
---

diff --git a/src/ubik/vote.c b/src/ubik/vote.c
index ba4ff5a80..2cf1887ec 100644
--- a/src/ubik/vote.c
+++ b/src/ubik/vote.c
@@ -403,6 +403,7 @@ SVOTE_Debug(struct rx_call * rxcall, struct ubik_debug * aparm)
     /* fill in the basic debug structure.  Note the the RPC protocol transfers,
      * integers in host order. */
 
+    memset(aparm, 0, sizeof(*aparm));
     aparm->now = FT_ApproxTime();
     aparm->lastYesTime = vote_globals.ubik_lastYesTime;
     aparm->lastYesHost = ntohl(vote_globals.lastYesHost);