From 0ee86cc3f986365df9de21ede5735cc1f40db7e5 Mon Sep 17 00:00:00 2001
From: Mark Vitale
Date: Tue, 26 Jun 2018 06:01:16 -0400
Subject: [PATCH] OPENAFS-SA-2018-002 ubik: prevent VOTE_Debug, VOTE_XDebug information leak
VOTE_Debug and VOTE_XDebug (udebug) both leave a single field uninitialized if there is no current transaction. This leaks the memory contents of the ubik server over the wire. struct ubik_debug - 4 bytes in member writeTrans In common code to both RPCs, ensure that writeTrans is always initialized.
[kaduk@mit.edu: switch to memset]
(cherry picked from commit 7a7c1f751cdb06c0d95339c999b2c035c2d2168b)
Change-Id: I2759989bf1a5190f9f03621218224c47094a88b7
---
 src/ubik/vote.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/ubik/vote.c b/src/ubik/vote.c
index ba4ff5a80..2cf1887ec 100644
--- a/src/ubik/vote.c
+++ b/src/ubik/vote.c
@@ -403,6 +403,7 @@ SVOTE_Debug(struct rx_call * rxcall, struct ubik_debug * aparm)
 /* fill in the basic debug structure. Note the the RPC protocol transfers,
 * integers in host order. */
+ memset(aparm, 0, sizeof(*aparm));
 aparm->now = FT_ApproxTime();
 aparm->lastYesTime = vote_globals.ubik_lastYesTime;
 aparm->lastYesHost = ntohl(vote_globals.lastYesHost);
-- 
2.39.5
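Review bot: The added `memset(aparm, 0, sizeof(*aparm));` in SVOTE_Debug carries no comment saying why it is there, and because the lines after it assign most members, a later cleanup could take it for redundant initialization and drop it. I would put a line above it such as `/* Zero the whole reply: it is marshalled back to the caller, so any member left unset (writeTrans when there is no current transaction) would disclose server memory. */`. The body of SVOTE_Debug continues outside the hunk, so I cannot confirm from here that nothing relies on a value the caller placed in *aparm; the commit message suggests it is purely an output parameter. Other handlers in this file that fill a reply structure member by member are not visible in this patch and are worth checking for the same pattern.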