git://git.openafs.org / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 67646c7) | patch
OPENAFS-SA-2016-002 VldbListByAttributes information leak
authorBenjamin Kaduk <kaduk@mit.edu>
Tue, 15 Mar 2016 04:15:20 +0000 (23:15 -0500)
committerBenjamin Kaduk <kaduk@mit.edu>
Wed, 16 Mar 2016 04:04:00 +0000 (00:04 -0400)
commitc12b3fee2fabd92c57d92fc945d70acba9f53ab3
treeb48f6360ca13fd4cfb5b4da69c97a6a6eb1abf79tree | snapshot
parent67646c7c901a1f346d78666f432b673c5b341380commit | diff
OPENAFS-SA-2016-002 VldbListByAttributes information leak

The VldbListByAttributes structure is used as an input to several
RPCs; it contains a Mask field that controls
which of the other fields will actually be read by the server
during the RPC processing.  Unfortunately, the client only
wrote to the fields indicated by the mask, leaving the other
fields uninitialized for transmission on the wire, leaking
some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: I14964e98a57ba6ef060c6e392497f1ebd3afe042
src/bucoord/commands.c diff | blob | history
src/libadmin/vos/vsprocs.c diff | blob | history
src/volser/vos.c diff | blob | history
src/volser/vsprocs.c diff | blob | history
OpenAFS Master Repository