The following commit has been merged in the openafs-stable-1_6_x branch:
commit 5c4afd5558efcd54152d0be4d56c90e4c6860ef9
Author: Benjamin Kaduk <[email protected]>
Date: Mon Mar 14 23:15:20 2016 -0500
OPENAFS-SA-2016-002 VldbListByAttributes information leak
The VldbListByAttributes structure is used as an input to several
RPCs; it contains a Mask field that controls
which of the other fields will actually be read by the server
during the RPC processing. Unfortunately, the client only
wrote to the fields indicated by the mask, leaving the other
fields uninitialized for transmission on the wire, leaking
some contents of client memory.
Plug the information leak by zeroing the entire structure before use.
FIXES 132847
Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e
src/bucoord/commands.c | 1 +
src/libadmin/vos/vsprocs.c | 1 +
src/volser/vos.c | 4 ++--
src/volser/vsprocs.c | 1 +
4 files changed, 5 insertions(+), 2 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
