git://git.openafs.org / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 03e804b) | patch
OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak
authorMark Vitale <mvitale@sinenomine.net>
Mon, 25 Jun 2018 22:03:12 +0000 (18:03 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 22:33:02 +0000 (17:33 -0500)
commit70b0136d552a0077d3fae68f3aebacd985abd522
treeef80e4401208c81e27288e1a813fc1537dac7652tree | snapshot
parent03e804b629c17ca7a4e5789cf98b283c52bd59edcommit | diff
OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak

SPR_IDToName does not completely initialize the return array of names,
and thus leaks information from ptserver memory:

- up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0')

Use calloc to ensure that all memory sent on the wire is initialized,
preventing the information leak.

[kaduk@mit.edu: switch to calloc; update commit message]

Change-Id: Iad623f2cc4c54b79f14a64b8714ba12579d05447
src/ptserver/ptprocs.c diff | blob | history
OpenAFS Master Repository