From 52f4d63148323e7d605f9194ff8c1549756e654b Mon Sep 17 00:00:00 2001 From: Mark Vitale Date: Tue, 26 Jun 2018 05:00:25 -0400 Subject: [PATCH] OPENAFS-SA-2018-002 butc: prevent TC_ReadLabel information leak TC_ReadLabel (backup readlabel) does not initialize its output buffer completely. It leaks butc memory contents over the wire: struct tc_tapeLabel - up to 32 bytes from member afsname (TC_MAXTAPELEN 32) - up to 32 bytes from member pname (TC_MAXTAPELEN 32) Initialize the buffer. [kaduk@mit.edu: move initialization to the RPC stub] Change-Id: I30f4aa32801791913b397a58c36c86c019dc51ef --- src/butc/tcprocs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/butc/tcprocs.c b/src/butc/tcprocs.c index d41112a..7154a18 100644 --- a/src/butc/tcprocs.c +++ b/src/butc/tcprocs.c @@ -372,6 +372,7 @@ STC_ReadLabel(struct rx_call *acid, struct tc_tapeLabel *label, afs_uint32 *task { afs_int32 code; + memset(label, 0, sizeof(*label)); #ifdef xbsa if (CONF_XBSA) return (TC_BADTASK); /* ReadLabel does not apply if XBSA */ -- 1.9.4