OPENAFS-SA-2016-002 ListAddrByAttributes information leak
authorBenjamin Kaduk <kaduk@mit.edu>
Tue, 15 Mar 2016 04:15:20 +0000 (23:15 -0500)
committerBenjamin Kaduk <kaduk@mit.edu>
Wed, 16 Mar 2016 04:04:00 +0000 (00:04 -0400)
commite63c2570f9d95bee7c7a00dd578a6971c6e733b9
treefe45f24069b6da00bd15cec2cceab4f1abb7416d
parentc12b3fee2fabd92c57d92fc945d70acba9f53ab3
OPENAFS-SA-2016-002 ListAddrByAttributes information leak

The ListAddrByAttributes structure is used as an input to the GetAddrsU
RPC; it contains a Mask field that controls which of the other fields
will actually be read by the server during the RPC processing.
Unfortunately, the client only wrote to the fields indicated by the
mask, leaving the other fields uninitialized for transmission on the
wire, leaking some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: I9ccf814ceff206ddb3a74da97dc50b7e1e3c2014
src/libadmin/vos/afs_vosAdmin.c
src/venus/cacheout.c
src/vlserver/vlclient.c