The following commit has been merged in the openafs-stable-1_8_x branch:
commit b7e53b9e9706d63215a1804ed9eca30d69461f03
Author: Mark Vitale <[email protected]>
Date: Tue Jun 26 05:00:25 2018 -0400
OPENAFS-SA-2018-002 butc: prevent TC_ReadLabel information leak
TC_ReadLabel (backup readlabel) does not initialize its output buffer
completely. It leaks butc memory contents over the wire:
struct tc_tapeLabel
- up to 32 bytes from member afsname (TC_MAXTAPELEN 32)
- up to 32 bytes from member pname (TC_MAXTAPELEN 32)
Initialize the buffer.
[[email protected]: move initialization to the RPC stub]
(cherry picked from commit 52f4d63148323e7d605f9194ff8c1549756e654b)
Change-Id: Ia5d9dd649bdbd45c8b201f344bf55080a55e3392
src/butc/tcprocs.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
