The following commit has been merged in the master branch:
commit e63c2570f9d95bee7c7a00dd578a6971c6e733b9
Author: Benjamin Kaduk <[email protected]>
Date: Mon Mar 14 23:15:20 2016 -0500
OPENAFS-SA-2016-002 ListAddrByAttributes information leak
The ListAddrByAttributes structure is used as an input to the GetAddrsU
RPC; it contains a Mask field that controls which of the other fields
will actually be read by the server during the RPC processing.
Unfortunately, the client only wrote to the fields indicated by the
mask, leaving the other fields uninitialized for transmission on the
wire, leaking some contents of client memory.
Plug the information leak by zeroing the entire structure before use.
FIXES 132847
Change-Id: I9ccf814ceff206ddb3a74da97dc50b7e1e3c2014
src/libadmin/vos/afs_vosAdmin.c | 1 +
src/venus/cacheout.c | 1 +
src/vlserver/vlclient.c | 2 ++
3 files changed, 4 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
