From: Daria Brashear Date: Wed, 8 Jul 2015 17:51:47 +0000 (-0400) Subject: vos: Clear nvldbentry before sending on the wire X-Git-Tag: openafs-stable-1_8_0pre1~305 X-Git-Url: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=415a2aad4c1e9ab5d034b62989e4c16a37b5dcc7 vos: Clear nvldbentry before sending on the wire Don't leak stack data onto the wire. Clear nvldbentry before use. FIXES 131907 (CVE-2015-3282) Change-Id: I18ea2c6ce21b6462277d067de329f4fb44dfb3ae --- diff --git a/src/volser/vsprocs.c b/src/volser/vsprocs.c index b6fb362..9bd17d8 100644 --- a/src/volser/vsprocs.c +++ b/src/volser/vsprocs.c @@ -721,6 +721,8 @@ UV_CreateVolume3(afs_uint32 aserver, afs_int32 apart, char *aname, tid = 0; error = 0; + memset(&storeEntry, 0, sizeof(struct nvldbentry)); + init_volintInfo(&tstatus); tstatus.maxquota = aquota; @@ -851,6 +853,8 @@ UV_AddVLDBEntry(afs_uint32 aserver, afs_int32 apart, char *aname, afs_int32 vcode; struct nvldbentry entry, storeEntry; /*the new vldb entry */ + memset(&storeEntry, 0, sizeof(struct nvldbentry)); + aconn = (struct rx_connection *)0; error = 0; @@ -909,6 +913,8 @@ UV_DeleteVolume(afs_uint32 aserver, afs_int32 apart, afs_uint32 avolid) afs_int32 avoltype = -1, vtype; int notondisk = 0, notinvldb = 0; + memset(&storeEntry, 0, sizeof(struct nvldbentry)); + /* Find and read bhe VLDB entry for this volume */ code = ubik_VL_SetLock(cstruct, 0, avolid, avoltype, VLOP_DELETE); if (code) { @@ -1354,6 +1360,8 @@ UV_ConvertRO(afs_uint32 server, afs_uint32 partition, afs_uint32 volid, afs_uint32 roserver = 0; struct rx_connection *aconn; + memset(&storeEntry, 0, sizeof(struct nvldbentry)); + vcode = ubik_VL_SetLock(cstruct, 0, entry->volumeId[RWVOL], RWVOL, VLOP_MOVE); @@ -7454,6 +7462,8 @@ MapNetworkToHost(struct nvldbentry *old, struct nvldbentry *new) { int i, count; + memset(new, 0, sizeof(struct nvldbentry)); + /*copy all the fields */ strcpy(new->name, old->name); /* new->volumeType = old->volumeType;*/