From 04fb009f15b75aca8e62675972ce23526a62ba80 Mon Sep 17 00:00:00 2001 From: Mark Vitale Date: Tue, 26 Jun 2018 05:26:21 -0400 Subject: [PATCH] OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry information leak KAM_ListEntry (kas list) does not initialize its output correctly. It leaks kaserver memory contents over the wire: struct kaindex - up to 64 bytes for member name - up to 64 bytes for member instance Initialize the buffer. [kaduk@mit.edu: move initialization to top of server routine] (cherry picked from commit b604ee7add7be416bf20973422a041e913d20761) (cherry picked from commit c912830e9c82d91bccf85018ef1e6a75edc410c4) Change-Id: I51229a121cbc4e428169635e8fc46321fb52b813 --- src/kauth/kaprocs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/kauth/kaprocs.c b/src/kauth/kaprocs.c index e2c058c6fb..faaad1ee6d 100644 --- a/src/kauth/kaprocs.c +++ b/src/kauth/kaprocs.c @@ -1695,6 +1695,7 @@ kamListEntry(struct rx_call *call, afs_int32 caller; struct kaentry tentry; + memset(name, 0, sizeof(*name)); COUNT_REQ(ListEntry); if ((code = InitAuthServ(&tt, LOCKREAD, this_op))) return code;
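Review bot: the added `memset(name, 0, sizeof(*name));` at the top of kamListEntry has no comment explaining why it is there, and it is the entire fix for a leak of server memory over the wire. Add a one-line comment stating that `name` is an output returned to the caller and must be fully zeroed before it is filled, so a later cleanup does not drop the call as redundant. Placing it ahead of the `InitAuthServ` early return is right, since that return path then also sees a cleared buffer. `sizeof(*name)` only covers both 64-byte members if `name` is a pointer to the whole struct; the parameter declaration is outside the hunk context, so confirm it against the function signature. The hunk clears only `name`, so check that any other output arguments of this routine are set on every return path as well.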