The following commit has been merged in the master branch:
commit be0142707ca54f3de99c4886530e7ac9f48dd61c
Author: Mark Vitale <[email protected]>
Date: Tue Jun 26 05:12:32 2018 -0400
OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information
leaks
TC_ScanStatus (backup status) and TC_GetStatus (internal backup status
watcher) do not initialize their output buffers. They leak memory
contents over the wire:
struct tciStatusS
- up to 64 bytes in member taskName (TC_MAXNAMELEN 64)
- up to 64 bytes in member volumeName "
Initialize the buffers.
[[email protected]: move initialization to top of server routines]
Change-Id: I0337d233e1dced56e351ed00471c9738fcd3b9db
src/butc/tcstatus.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
