From e63c2570f9d95bee7c7a00dd578a6971c6e733b9 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 14 Mar 2016 23:15:20 -0500 Subject: [PATCH] OPENAFS-SA-2016-002 ListAddrByAttributes information leak The ListAddrByAttributes structure is used as an input to the GetAddrsU RPC; it contains a Mask field that controls which of the other fields will actually be read by the server during the RPC processing. Unfortunately, the client only wrote to the fields indicated by the mask, leaving the other fields uninitialized for transmission on the wire, leaking some contents of client memory. Plug the information leak by zeroing the entire structure before use. FIXES 132847 Change-Id: I9ccf814ceff206ddb3a74da97dc50b7e1e3c2014 --- src/libadmin/vos/afs_vosAdmin.c | 1 + src/venus/cacheout.c | 1 + src/vlserver/vlclient.c | 2 ++ 3 files changed, 4 insertions(+) diff --git a/src/libadmin/vos/afs_vosAdmin.c b/src/libadmin/vos/afs_vosAdmin.c index 49db8cb31..c93875d5d 100644 --- a/src/libadmin/vos/afs_vosAdmin.c +++ b/src/libadmin/vos/afs_vosAdmin.c @@ -1188,6 +1188,7 @@ GetServerRPC(void *rpc_specific, int slot, int *last_item, bulkaddrs addr_multi; int i; + memset(&m_attrs, 0, sizeof(m_attrs)); /* * Check to see if this is a multihomed address server */ diff --git a/src/venus/cacheout.c b/src/venus/cacheout.c index f7b1d5a2c..656bceb57 100644 --- a/src/venus/cacheout.c +++ b/src/venus/cacheout.c @@ -60,6 +60,7 @@ ListServers(void) char hoststr[16]; ListAddrByAttributes m_attrs; + memset(&m_attrs, 0, sizeof(m_attrs)); memset(&addrs, 0, sizeof(addrs)); memset(&spare3, 0, sizeof(spare3)); code = diff --git a/src/vlserver/vlclient.c b/src/vlserver/vlclient.c index 7a62084e7..e22af50e0 100644 --- a/src/vlserver/vlclient.c +++ b/src/vlserver/vlclient.c @@ -803,6 +803,7 @@ handleit(struct cmd_syndesc *as, void *arock) printf("[0x%x %u] (special multi-homed entry)\n", *addrp, *addrp); + memset(&attrs, 0, sizeof(attrs)); attrs.Mask = VLADDR_INDEX; mhaddrs.bulkaddrs_val = 0; mhaddrs.bulkaddrs_len = 0; @@ -878,6 +879,7 @@ handleit(struct cmd_syndesc *as, void *arock) addrs2.bulkaddrs_val = 0; addrs2.bulkaddrs_len = 0; + memset(&attrs, 0, sizeof(attrs)); attrs.Mask = VLADDR_INDEX; attrs.index = (base * VL_MHSRV_PERBLK) + index; code = -- 2.39.5