From b52eb11a08f2ad786238434141987da27b81e743 Mon Sep 17 00:00:00 2001 From: Mark Vitale Date: Tue, 26 Jun 2018 03:47:41 -0400 Subject: [PATCH] OPENAFS-SA-2018-002 afs: prevent RXAFSCB_GetLock information leak RXAFSCB_GetLock (cmdebug) does not correctly initialize its output. This leaks kernel memory over the wire: struct AFSDBLock - up to 14 bytes for member name (16 - '\0') Initialize the buffer. Change-Id: I4c5c8d67816c51645c0db44dc8f19b1b27c02757 --- src/afs/afs_callback.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/afs/afs_callback.c b/src/afs/afs_callback.c index 61b2a75..2bad7c9 100644 --- a/src/afs/afs_callback.c +++ b/src/afs/afs_callback.c @@ -306,6 +306,7 @@ SRXAFSCB_GetLock(struct rx_call *a_call, afs_int32 a_index, XSTATS_START_CMTIME(AFS_STATS_CM_RPCIDX_GETLOCK); AFS_STATCNT(SRXAFSCB_GetLock); + memset(a_result, 0, sizeof(*a_result)); nentries = sizeof(ltable) / sizeof(struct ltable); if (a_index < 0 || a_index >= nentries+afs_cellindex) { /* -- 1.9.4
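Review bot: The added memset(a_result, 0, sizeof(*a_result)) near the top of SRXAFSCB_GetLock carries no comment explaining why it is there, so a later cleanup could mistake it for redundant initialization and drop it. A one-line comment above it would guard against that, stating that a_result is returned over the wire and that the unused tail of the name member must not carry kernel memory. Placing it ahead of the a_index range check is the right spot, since whichever branch of that check runs then starts from a zeroed structure, and clearing the whole struct rather than only name also covers any padding. In the commit message, "up to 14 bytes for member name (16 - '\0')" does not show how 14 follows from a 16-byte member; if the figure assumes a shortest name of one character plus its terminator, say so, which helps anyone auditing the exposure.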