git://git.openafs.org / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 70b0136) | patch
OPENAFS-SA-2018-002 volser: prevent AFSVolPartitionInfo(64) information leak
authorMark Vitale <mvitale@sinenomine.net>
Tue, 26 Jun 2018 06:33:05 +0000 (02:33 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 22:33:28 +0000 (17:33 -0500)
commit76e62c1de868c2b2e3cc56a35474e15dc4cc1551
tree24ad7917a9310ee9da3bd9e366b9ba29e4a66a08tree | snapshot
parent70b0136d552a0077d3fae68f3aebacd985abd522commit | diff
OPENAFS-SA-2018-002 volser: prevent AFSVolPartitionInfo(64) information leak

AFSVolPartitionInfo and AFSVolPartitionInfo64 (vos partinfo) do not
properly initialize their reply buffers.  This leaks the contents of
volserver memory over the wire:

AFSVolPartitionInfo (struct diskPartition)
- up to 24 bytes in member name (32-'/vicepa\0'))
- up to 12 bytes in member devName (32-'/vicepa/Lock/vicepa\0'))

AFSVolPartitionInfo64 (struct diskPartition64)
- up to 248 bytes in member name (256-'/vicepa\0'))
- up to 236 bytes in member devName (256-'/vicepa/Lock/vicepa\0')

Initialize the output buffers.

[kaduk@mit.edu: move memset to top-level function scope of RPC handlers]

Change-Id: If64c02f36f10f52bfbab4b21ad1f60032c223c82
src/volser/volprocs.c diff | blob | history
OpenAFS Master Repository