SPR_IDToName does not completely initialize the return array of names,
and thus leaks information from ptserver memory:
- up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0')
Use calloc to ensure that all memory sent on the wire is initialized,
preventing the information leak.
[kaduk@mit.edu: switch to calloc; update commit message]
(cherry picked from commit
70b0136d552a0077d3fae68f3aebacd985abd522)
(cherry picked from commit
c8c8682bb0e84ee5289fac3063119ae524773f61)
Change-Id: I4adfb5071535fe89e80268feecbf3873e0a119f6
return 0;
if (size < 0 || size > INT_MAX / PR_MAXNAMELEN)
return PRTOOMANY;
- aname->namelist_val = (prname *) malloc(size * PR_MAXNAMELEN);
+ aname->namelist_val = (prname *) calloc(size, PR_MAXNAMELEN);
aname->namelist_len = 0;
if (aname->namelist_val == 0)
return PRNOMEM;