PR_ListEntries (pts listentries) does not properly initialize its output
buffers. This leaks ptserver memory over the wire:
struct prlistentries
- up to 62 bytes for each entry name (PR_MAXNAMELEN 64 - 'a\0')
Initialize the buffer, and remove the now redundant memset for the
reserved fields.
Change-Id: I29d70c7e4dd567b8b046037f29f71911b8a0593f
entry = bulkentries->prentries_val;
entry += bulkentries->prentries_len;
+ memset(entry, 0, sizeof(*entry));
entry->flags = tentry->flags >> PRIVATE_SHIFT;
if (entry->flags == 0) {
entry->flags =
entry->nusers = tentry->nusers;
entry->count = tentry->count;
strncpy(entry->name, tentry->name, PR_MAXNAMELEN);
- memset(entry->reserved, 0, sizeof(entry->reserved));
bulkentries->prentries_len++;
return 0;
}