From: Mark Vitale Date: Tue, 26 Jun 2018 07:47:41 +0000 (-0400) Subject: OPENAFS-SA-2018-002 afs: prevent RXAFSCB_GetLock information leak X-Git-Tag: openafs-devel-1_9_0~474 X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=b52eb11a08f2ad786238434141987da27b81e743 OPENAFS-SA-2018-002 afs: prevent RXAFSCB_GetLock information leak RXAFSCB_GetLock (cmdebug) does not correctly initialize its output. This leaks kernel memory over the wire: struct AFSDBLock - up to 14 bytes for member name (16 - '\0') Initialize the buffer. Change-Id: I4c5c8d67816c51645c0db44dc8f19b1b27c02757 --- diff --git a/src/afs/afs_callback.c b/src/afs/afs_callback.c index 61b2a75..2bad7c9 100644 --- a/src/afs/afs_callback.c +++ b/src/afs/afs_callback.c @@ -306,6 +306,7 @@ SRXAFSCB_GetLock(struct rx_call *a_call, afs_int32 a_index, XSTATS_START_CMTIME(AFS_STATS_CM_RPCIDX_GETLOCK); AFS_STATCNT(SRXAFSCB_GetLock); + memset(a_result, 0, sizeof(*a_result)); nentries = sizeof(ltable) / sizeof(struct ltable); if (a_index < 0 || a_index >= nentries+afs_cellindex) { /*
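Review bot: the added memset(a_result, 0, sizeof(*a_result)) at the top of SRXAFSCB_GetLock carries no comment explaining why it is there. Because the zeroing is what stops uninitialized bytes of the name member from going over the wire, a one-line comment above it saying that a_result is returned to the remote caller would keep it from later being removed as a redundant initialization. Its position before the a_index range check is the right one, since the output is then zeroed even when that check fails. The commit message's "up to 14 bytes ... (16 - '\0')" would also be easier to audit if it stated how 14 is reached from a 16-byte field.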