OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak

SPR_IDToName does not completely initialize the return array of names,
and thus leaks information from ptserver memory:

- up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0')

Use calloc to ensure that all memory sent on the wire is initialized,
preventing the information leak.

[kaduk@mit.edu: switch to calloc; update commit message]

Change-Id: Iad623f2cc4c54b79f14a64b8714ba12579d05447

diff --git a/src/ptserver/ptprocs.c b/src/ptserver/ptprocs.c
index 3045ef4..5e66fdf 100644 (file)
--- a/src/ptserver/ptprocs.c
+++ b/src/ptserver/ptprocs.c
@@ -651,7 +651,7 @@ idToName(struct rx_call *call, idlist *aid, namelist *aname, afs_int32 *cid)
        return 0;
     if (size < 0 || size > INT_MAX / PR_MAXNAMELEN)
        return PRTOOMANY;
-    aname->namelist_val = malloc(size * PR_MAXNAMELEN);
+    aname->namelist_val = calloc(size, PR_MAXNAMELEN);
     aname->namelist_len = 0;
     if (aname->namelist_val == 0)
        return PRNOMEM;