The following commit has been merged in the master branch:
commit 26924fd508b21bb6145e77dc31b6cd0923193b72
Author: Mark Vitale <[email protected]>
Date:   Tue Jun 26 03:00:02 2018 -0400

    OPENAFS-SA-2018-002 volser: prevent AFSVolMonitor information leak
    
    AFSVolMonitor (vos status) does not properly initialize its output
    buffers.  This leaks information from volserver memory:
    
    struct transDebugInfo
    - up to 29 bytes in member lastProcName (30-'\0')
    - 16 bytes in members readNext, transmitNext, lastSendTime,
      lastReceiveTime
    
    Initialize the buffers.  This must be done on a per-buffer basis inside
    the loop, since realloc is used to expand the storage if needed,
    and there is not a standard realloc API to zero the newly allocated storage.
    
    [[email protected]: update commit message]
    
    Change-Id: I79091fc63435ed2a795955f95bb867bc625ad398

 src/volser/volprocs.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
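
The per-entry initialization the commit message describes, as an added C example (not the OpenAFS source and not part of the patch). `struct debug_entry`, `build_reply` and the `0xAA` marker are hypothetical; the marker simulates stale heap contents in storage newly obtained from `realloc`, so the count of bytes that would leak is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old heap contents */

/* Hypothetical stand-in for the record named in the commit message. */
struct debug_entry {
    int32_t tid;
    char lastProcName[30];
    int32_t readNext, transmitNext, lastSendTime, lastReceiveTime;
};

/* Count marker bytes left in the fields the commit message lists. */
static size_t stale_in(const struct debug_entry *e)
{
    const unsigned char *b = (const unsigned char *)e;
    size_t i, n = 0, name = offsetof(struct debug_entry, lastProcName);
    size_t call = offsetof(struct debug_entry, readNext);
    for (i = 0; i < 30; i++) n += (b[name + i] == STALE);
    for (i = 0; i < 16; i++) n += (b[call + i] == STALE);
    return n;
}

/* Fill `want` entries of a realloc-grown reply; return bytes that would leak. */
size_t build_reply(size_t want, int zero_each)
{
    struct debug_entry *arr = NULL, *tmp, *e;
    size_t cap = 0, used, leaked = 0;
    for (used = 0; used < want; used++) {
        if (used == cap) { /* grow the array, keeping filled entries */
            size_t ncap = cap ? cap * 2 : 1;
            if (!(tmp = realloc(arr, ncap * sizeof *arr))) { free(arr); return (size_t)-1; }
            memset(tmp + cap, STALE, (ncap - cap) * sizeof *arr); /* simulated residue */
            arr = tmp; cap = ncap;
        }
        e = &arr[used];
        if (zero_each) memset(e, 0, sizeof *e); /* per-entry initialisation */
        e->tid = (int32_t)used + 1;
        memcpy(e->lastProcName, "Dump", 5); /* short name plus NUL, 25 bytes untouched */
        /* Assumed: no active call, so the four call fields are never assigned. */
    }
    for (used = 0; used < want; used++) leaked += stale_in(&arr[used]);
    free(arr);
    return leaked;
}

int main(void) { printf("unzeroed=%zu zeroed=%zu\n", build_reply(3, 0), build_reply(3, 1)); return 0; }
```

Zeroing the whole array once before the loop would not cover entries added by a later `realloc`, which is why the `memset` sits on each entry as it is filled.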
