From 3dea4adaa356b7eed40b6162c106c5e90690f5a1 Mon Sep 17 00:00:00 2001 From: Mark Vitale Date: Tue, 26 Jun 2018 03:47:41 -0400 Subject: [PATCH] OPENAFS-SA-2018-002 afs: prevent RXAFSCB_GetLock information leak RXAFSCB_GetLock (cmdebug) does not correctly initialize its output. This leaks kernel memory over the wire: struct AFSDBLock - up to 14 bytes for member name (16 - '\0') Initialize the buffer. (cherry picked from commit b52eb11a08f2ad786238434141987da27b81e743) Change-Id: If84c5d9d805356cd56be77313149a931a948b4d5 --- src/afs/afs_callback.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/afs/afs_callback.c b/src/afs/afs_callback.c index 61b2a75b7a..2bad7c94af 100644 --- a/src/afs/afs_callback.c +++ b/src/afs/afs_callback.c @@ -306,6 +306,7 @@ SRXAFSCB_GetLock(struct rx_call *a_call, afs_int32 a_index, XSTATS_START_CMTIME(AFS_STATS_CM_RPCIDX_GETLOCK); AFS_STATCNT(SRXAFSCB_GetLock); + memset(a_result, 0, sizeof(*a_result)); nentries = sizeof(ltable) / sizeof(struct ltable); if (a_index < 0 || a_index >= nentries+afs_cellindex) { /*
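Review bot: The added `memset(a_result, 0, sizeof(*a_result));` in SRXAFSCB_GetLock has no comment saying that it exists to keep uninitialized kernel memory out of the RPC reply, so a later cleanup could drop it as a redundant initialization. A one-line comment above it would prevent that, for example `/* zero the whole reply: the unused tail of name must not reach the wire */`. The placement is right and worth mentioning in that comment: it runs before the `a_index < 0 || a_index >= nentries+afs_cellindex` range check, so the out-of-range return path also hands back a zeroed struct, and `sizeof(*a_result)` covers any padding as well as the name member. Separately, the commit message's "up to 14 bytes for member name (16 - '\0')" does not add up as written, since 16 minus the terminator is 15. The figure presumably assumes a name of at least one character, and the message should say so.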