From: Daria Brashear Date: Wed, 8 Jul 2015 18:16:41 +0000 (-0400) Subject: afs: Clear pioctl data interchange buffer before use X-Git-Tag: upstream/1.6.13^2~4 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=d4cd57807660a6fd3b47bc83de14a78fa8292a5f;p=packages%2Fo%2Fopenafs.git afs: Clear pioctl data interchange buffer before use Avoid leaking data in pioctl interchange buffers; clear the memory when one is allocated. FIXES 131892 (CVE-2015-3284) (cherry picked from commit 592a99d6e693bc640e2bdfc2e7e5243fcedc8f93) Change-Id: I90fef404978bd7aae3eb88836bcd4f95587fd45c --- diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index e9a84e3d2..89a56b976 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -62,6 +62,11 @@ afs_pd_alloc(struct afs_pdata *apd, size_t size) if (apd->ptr == NULL) return ENOMEM; + if (size > AFS_LRALLOCSIZ) + memset(apd->ptr, 0, size + 1); + else + memset(apd->ptr, 0, AFS_LRALLOCSIZ); + apd->remaining = size; return 0;
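Review bot: In the added block in afs_pd_alloc(), the two memset lengths (`size + 1` when `size > AFS_LRALLOCSIZ`, otherwise `AFS_LRALLOCSIZ`) are written out separately from the allocation that sets `apd->ptr`, which this hunk does not show. The clear is only correct while those lengths match what was actually allocated. If the allocation is later changed, the memset either leaves a tail of the buffer uncleared, which is the leak this commit is closing, or writes past the end. Consider computing the allocation length once into a local variable and using it for both the allocation and the memset, so the two cannot drift apart. A short comment above the memset saying that the buffer is copied back to the pioctl caller, and must therefore not carry stale kernel memory, would also keep the clear from being removed later as a redundant initialization.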