OPENAFS-SA-2018-002 ubik: prevent VOTE_Debug, VOTE_XDebug information leak

VOTE_Debug and VOTE_XDebug (udebug) both leave a single field
uninitialized if there is no current transaction.  This leaks the memory
contents of the ubik server over the wire.

struct ubik_debug
- 4 bytes in member writeTrans

In common code to both RPCs, ensure that writeTrans is always
initialized.

[kaduk@mit.edu: switch to memset]

Change-Id: I91184b4ed0c159982a883ebaa9634406400eae93

diff --git a/src/ubik/vote.c b/src/ubik/vote.c
index 3b771f0..34f285d 100644 (file)
--- a/src/ubik/vote.c
+++ b/src/ubik/vote.c
@@ -405,6 +405,7 @@ SVOTE_Debug(struct rx_call * rxcall, struct ubik_debug * aparm)
     /* fill in the basic debug structure.  Note the the RPC protocol transfers,
      * integers in host order. */
 
+    memset(aparm, 0, sizeof(*aparm));
     aparm->now = FT_ApproxTime();
     aparm->lastYesTime = vote_globals.ubik_lastYesTime;
     aparm->lastYesHost = ntohl(vote_globals.lastYesHost);