jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 13:38:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak

Browse Source 
SPR_IDToName does not completely initialize the return array of names,
and thus leaks information from ptserver memory:

- up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0')

Use calloc to ensure that all memory sent on the wire is initialized,
preventing the information leak.

[kaduk@mit.edu: switch to calloc; update commit message]

(cherry picked from commit 70b0136d552a0077d3fae68f3aebacd985abd522)

(cherry picked from commit c8c8682bb0e84ee5289fac3063119ae524773f61)

Change-Id: I4adfb5071535fe89e80268feecbf3873e0a119f6
This commit is contained in:
Mark Vitale 2018-06-25 18:03:12 -04:00 committed by Benjamin Kaduk
parent bac61e7499
commit 40343287fb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ptserver/ptprocs.c
View File

@ -687,7 +687,7 @@ idToName(struct rx_call *call, idlist *aid, namelist *aname)
return 0;
if (size < 0 || size > INT_MAX / PR_MAXNAMELEN)
return PRTOOMANY;
aname->namelist_val = (prname *) malloc(size * PR_MAXNAMELEN);
aname->namelist_val = (prname *) calloc(size, PR_MAXNAMELEN);
aname->namelist_len = 0;
if (aname->namelist_val == 0)
return PRNOMEM;