git://git.openafs.org / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b52eb11) | patch
OPENAFS-SA-2018-002 afs: prevent RXAFSCB_TellMeAboutYourself information leak
authorMark Vitale <mvitale@sinenomine.net>
Tue, 26 Jun 2018 07:56:24 +0000 (03:56 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 22:33:52 +0000 (17:33 -0500)
commit211b6d6a4307006da1467b3be46912a3a5d7b20b
tree0727610cebc0a12ae711d21c2b53a3a8bace4af5tree | snapshot
parentb52eb11a08f2ad786238434141987da27b81e743commit | diff
OPENAFS-SA-2018-002 afs: prevent RXAFSCB_TellMeAboutYourself information leak

RXAFSCB_TellMeAboutYourself does not completely initialize its output
buffers.  This leaks kernel memory over the wire:

struct interfaceAddr
Unix cache manager (libafs)
- up to 124 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 * 4) - 4))
- up to 124 bytes in array subnetmask "
- up to 124 bytes in array mtu "

Windows cache manager
- 64 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 - CM_MAXINTERFACE_ADDR 16)* 4)
- 64 bytes in array subnetmask "
- 64 bytes in array mtu         "

The following implementations of SRXAFSCB_TellMeAboutYourself are not susceptible:
- fsprobe
- libafscp
- xstat_fs_test

Initialize the buffer.

Change-Id: I2ef868dd9269db7004a21cf913b6787948357d10
src/WINNT/afsd/cm_callback.c diff | blob | history
src/afs/afs_callback.c diff | blob | history
OpenAFS Master Repository