From: Mark Vitale Date: Tue, 26 Jun 2018 07:00:02 +0000 (-0400) Subject: OPENAFS-SA-2018-002 volser: prevent AFSVolMonitor information leak X-Git-Tag: upstream/1.8.2^2~22 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=2d22756de7af2c72b8aca6969825f8e921f01d6c;p=packages%2Fo%2Fopenafs.git OPENAFS-SA-2018-002 volser: prevent AFSVolMonitor information leak AFSVolMonitor (vos status) does not properly initialize its output buffers. This leaks information from volserver memory: struct transDebugInfo - up to 29 bytes in member lastProcName (30-'\0') - 16 bytes in members readNext, tranmitNext, lastSendTime, lastReceiveTime Initialize the buffers. This must be done on a per-buffer basis inside the loop, since realloc is used to expand the storage if needed, and there is not a standard realloc API to zero the newly allocated storage. [kaduk@mit.edu: update commit message] (cherry picked from commit 26924fd508b21bb6145e77dc31b6cd0923193b72) Change-Id: Id10aa1f4d0b8694f6d85468d743c2fc2a8102339 --- diff --git a/src/volser/volprocs.c b/src/volser/volprocs.c index 537e50a5d..985c0a01d 100644 --- a/src/volser/volprocs.c +++ b/src/volser/volprocs.c @@ -2846,6 +2846,7 @@ VolMonitor(struct rx_call *acid, transDebugEntries *transInfo) goto done; /*no active transactions */ for (tt = allTrans; tt; tt = nt) { /*copy relevant info into pntr */ nt = tt->next; + memset(pntr, 0, sizeof(*pntr)); VTRANS_OBJ_LOCK(tt); pntr->tid = tt->tid; pntr->time = tt->time;