SPR_IDToName does not completely initialize the return array of names,
and thus leaks information from ptserver memory:
- up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0')
Use calloc to ensure that all memory sent on the wire is initialized,
preventing the information leak.
[kaduk@mit.edu: switch to calloc; update commit message]
Change-Id: Iad623f2cc4c54b79f14a64b8714ba12579d05447
return 0;
if (size < 0 || size > INT_MAX / PR_MAXNAMELEN)
return PRTOOMANY;
- aname->namelist_val = malloc(size * PR_MAXNAMELEN);
+ aname->namelist_val = calloc(size, PR_MAXNAMELEN);
aname->namelist_len = 0;
if (aname->namelist_val == 0)
return PRNOMEM;