The following commit has been merged in the master branch:
commit b604ee7add7be416bf20973422a041e913d20761
Author: Mark Vitale <[email protected]>
Date: Tue Jun 26 05:26:21 2018 -0400
OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry information leak
KAM_ListEntry (kas list) does not initialize its output correctly. It
leaks kaserver memory contents over the wire:
struct kaindex
- up to 64 bytes for member name
- up to 64 bytes for member instance
Initialize the buffer.
[[email protected]: move initialization to top of server routine]
Change-Id: I5cc430fc996e7e89d38a384d092b9d4fad248fa4
src/kauth/kaprocs.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
