git://git.openafs.org / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 52f4d63) | patch
OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information leaks
authorMark Vitale <mvitale@sinenomine.net>
Tue, 26 Jun 2018 09:12:32 +0000 (05:12 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 9 Sep 2018 22:34:01 +0000 (17:34 -0500)
commitbe0142707ca54f3de99c4886530e7ac9f48dd61c
treee0fcc243e660a2ffa36f3af168dd5784cb61f12ctree | snapshot
parent52f4d63148323e7d605f9194ff8c1549756e654bcommit | diff
OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information leaks

TC_ScanStatus (backup status) and TC_GetStatus (internal backup status
watcher) do not initialize their output buffers.  They leak memory
contents over the wire:

struct tciStatusS
- up to 64 bytes in member taskName (TC_MAXNAMELEN 64)
- up to 64 bytes in member volumeName  "

Initialize the buffers.

[kaduk@mit.edu: move initialization to top of server routines]

Change-Id: I0337d233e1dced56e351ed00471c9738fcd3b9db
src/butc/tcstatus.c diff | blob | history
OpenAFS Master Repository