jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 05:27:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

OPENAFS-SA-2016-002 VldbListByAttributes information leak

Browse Source 
The VldbListByAttributes structure is used as an input to several
RPCs; it contains a Mask field that controls
which of the other fields will actually be read by the server
during the RPC processing.  Unfortunately, the client only
wrote to the fields indicated by the mask, leaving the other
fields uninitialized for transmission on the wire, leaking
some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e
This commit is contained in:
Benjamin Kaduk 2016-03-14 23:15:20 -05:00
parent 3ed9750162
commit 5c4afd5558
4 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/bucoord/commands.c
View File

@ -219,6 +219,7 @@ EvalVolumeSet2(struct bc_config *aconfig,
*avols = (struct bc_volumeDump *)0;
bulkentries.nbulkentries_len = 0;
bulkentries.nbulkentries_val = 0;
memset(&attributes, 0, sizeof(attributes));
/* For each of the volume set entries - collect the volumes that match it */
for (tve = avs->ventries; tve; tve = tve->next) {

1
src/libadmin/vos/vsprocs.c
View File

@ -3621,6 +3621,7 @@ UV_SyncServer(afs_cell_handle_p cellHandle, struct rx_connection *server,
noError = 1;
arrayEntries.nbulkentries_val = 0;
memset(&attributes, 0, sizeof(attributes));
/* Set up attributes to search VLDB */
attributes.server = ntohl(rx_HostOf(rx_PeerOf(server)));

4
src/volser/vos.c
View File

@ -4506,7 +4506,7 @@ ListVLDB(struct cmd_syndesc *as, void *arock)
aserver = 0;
apart = 0;
attributes.Mask = 0;
memset(&attributes, 0, sizeof(attributes));
lock = (as->parms[3].items ? 1 : 0); /* -lock flag */
quiet = (as->parms[4].items ? 1 : 0); /* -quit flag */
sort = (as->parms[5].items ? 0 : 1); /* -nosort flag */
@ -5009,7 +5009,7 @@ UnlockVLDB(struct cmd_syndesc *as, void *arock)
apart = -1;
totalE = 0;
attributes.Mask = 0;
memset(&attributes, 0, sizeof(attributes));
if (as->parms[0].items) { /* server specified */
aserver = GetServer(as->parms[0].items->data);

1
src/volser/vsprocs.c
View File

@ -6999,6 +6999,7 @@ UV_SyncServer(afs_uint32 aserver, afs_int32 apart, int flags, int force)
aconn = UV_Bind(aserver, AFSCONF_VOLUMEPORT);
/* Set up attributes to search VLDB */
memset(&attributes, 0, sizeof(attributes));
attributes.server = ntohl(aserver);
attributes.Mask = VLLIST_SERVER;
if ((flags & 1)) {