git.openafs.org Git - openafs.git/commit

author	Mark Vitale <mvitale@sinenomine.net>
	Tue, 26 Jun 2018 07:56:24 +0000 (03:56 -0400)
committer	Benjamin Kaduk <kaduk@mit.edu>
	Mon, 10 Sep 2018 01:53:25 +0000 (20:53 -0500)
commit	0dbbcc9ac62425618a3a3a28ee05eba2507f6efd
tree	ff630a31fe6188a3d074a80cfb9198a2c822c8e2	tree \| snapshot
parent	f0c4f8d899214bf405e809be813be4d5be125ad8	commit \| diff

OPENAFS-SA-2018-002 afs: prevent RXAFSCB_TellMeAboutYourself information leak

RXAFSCB_TellMeAboutYourself does not completely initialize its output
buffers. This leaks kernel memory over the wire:

struct interfaceAddr
Unix cache manager (libafs)
- up to 124 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 * 4) - 4))
- up to 124 bytes in array subnetmask "
- up to 124 bytes in array mtu "

Windows cache manager
- 64 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 - CM_MAXINTERFACE_ADDR 16)* 4)
- 64 bytes in array subnetmask "
- 64 bytes in array mtu "

The following implementations of SRXAFSCB_TellMeAboutYourself are not susceptible:
- fsprobe
- libafscp
- xstat_fs_test

Initialize the buffer.

(cherry picked from commit 211b6d6a4307006da1467b3be46912a3a5d7b20b)

(cherry picked from commit a6557ffa64d8fab3526c4f89629dcbb965a27780)

Change-Id: I6d334ae56c7c0e7c4acb1d7dbc59f785e0b47713

src/WINNT/afsd/cm_callback.c		diff \| blob \| history
src/afs/afs_callback.c		diff \| blob \| history