RXAFSCB_TellMeAboutYourself does not completely initialize its output
buffers. This leaks kernel memory over the wire:
struct interfaceAddr
Unix cache manager (libafs)
- up to 124 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 * 4) - 4))
- up to 124 bytes in array subnetmask "
- up to 124 bytes in array mtu "
Windows cache manager
- 64 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 - CM_MAXINTERFACE_ADDR 16)* 4)
- 64 bytes in array subnetmask "
- 64 bytes in array mtu "
The following implementations of SRXAFSCB_TellMeAboutYourself are not susceptible:
- fsprobe
- libafscp
- xstat_fs_test
Initialize the buffer.
(cherry picked from commit
211b6d6a4307006da1467b3be46912a3a5d7b20b)
(cherry picked from commit
a6557ffa64d8fab3526c4f89629dcbb965a27780)
Change-Id: I6d334ae56c7c0e7c4acb1d7dbc59f785e0b47713
}
/* return all network interface addresses */
+ memset(addr, 0, sizeof(*addr));
addr->numberOfInterfaces = cm_noIPAddr;
addr->uuid = cm_data.Uuid;
for ( i=0; i < cm_noIPAddr; i++ ) {
ObtainReadLock(&afs_xinterface);
/* return all network interface addresses */
+ memset(addr, 0, sizeof(*addr));
addr->numberOfInterfaces = afs_cb_interface.numberOfInterfaces;
addr->uuid = afs_cb_interface.uuid;
for (i = 0; i < afs_cb_interface.numberOfInterfaces; i++) {
git://git.openafs.org / openafs.git / commitdiff