From c8c8682bb0e84ee5289fac3063119ae524773f61 Mon Sep 17 00:00:00 2001
From: Mark Vitale
Date: Mon, 25 Jun 2018 18:03:12 -0400
Subject: [PATCH] OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak SPR_IDToName does not completely initialize the return array of names, and thus leaks information from ptserver memory: - up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0') Use calloc to ensure that all memory sent on the wire is initialized, preventing the information leak. [kaduk@mit.edu: switch to calloc; update commit message] (cherry picked from commit 70b0136d552a0077d3fae68f3aebacd985abd522) Change-Id: I787fc26ecb6fa64b17f8579198793903bc4eb16d
---
 src/ptserver/ptprocs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ptserver/ptprocs.c b/src/ptserver/ptprocs.c
index 3045ef45f..5e66fdf77 100644
--- a/src/ptserver/ptprocs.c
+++ b/src/ptserver/ptprocs.c
@@ -651,7 +651,7 @@ idToName(struct rx_call *call, idlist *aid, namelist *aname, afs_int32 *cid)
 return 0;
 if (size < 0 || size > INT_MAX / PR_MAXNAMELEN)
 return PRTOOMANY;
- aname->namelist_val = malloc(size * PR_MAXNAMELEN);
+ aname->namelist_val = calloc(size, PR_MAXNAMELEN);
 aname->namelist_len = 0;
 if (aname->namelist_val == 0)
 return PRNOMEM;
--
2.39.5
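Review bot: The new `calloc(size, PR_MAXNAMELEN)` line has no comment saying why zero-fill is required, so a later cleanup could revert it to `malloc` and reopen the leak described in the commit message. I would add above the allocation: `/* calloc, not malloc: every PR_MAXNAMELEN slot is sent on the wire in full, so bytes past each name's NUL must be zero (OPENAFS-SA-2018-002) */`. The loop that fills the slots is outside the hunk, so it is worth confirming there that no other path returns a partially written buffer; any sibling RPC that returns a namelist would need the same check, though none is visible in this patch. The check on the following line would also read more clearly as `if (aname->namelist_val == NULL)`. idToName's body starts and ends outside the hunk.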