git://git.openafs.org / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (from parent 1: be01427)
OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry information leak
authorMark Vitale <mvitale@sinenomine.net>
Tue, 26 Jun 2018 09:26:21 +0000 (05:26 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 22:34:03 +0000 (17:34 -0500)
KAM_ListEntry (kas list) does not initialize its output correctly.  It
leaks kaserver memory contents over the wire:

struct kaindex
- up to 64 bytes for member name
- up to 64 bytes for member instance

Initialize the buffer.

[kaduk@mit.edu: move initialization to top of server routine]

Change-Id: I5cc430fc996e7e89d38a384d092b9d4fad248fa4

src/kauth/kaprocs.c patch | blob | history

diff --git a/src/kauth/kaprocs.c b/src/kauth/kaprocs.c
index 315096a..1c6c68f 100644 (file)
--- a/src/kauth/kaprocs.c
+++ b/src/kauth/kaprocs.c
@@ -1700,6 +1700,7 @@ kamListEntry(struct rx_call *call,
     afs_int32 caller;
     struct kaentry tentry;
 
+    memset(name, 0, sizeof(*name));
     COUNT_REQ(ListEntry);
     if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
        return code;
OpenAFS Master Repository