OPENAFS-SA-2018-002 ptserver: prevent PR_ListEntries information leak

PR_ListEntries (pts listentries) does not properly initialize its output buffers. This leaks ptserver memory over the wire: struct prlistentries - up to 62 bytes for each entry name (PR_MAXNAMELEN 64 - 'a\0') Initialize the buffer, and remove the now redundant memset for the reserved fields. (cherry picked from commit 9d1aeb5d761581a35bef2042e9116b96e9ae3bf5) (cherry picked from commit e19ad4cdde463d2bbb4b815525da992bd5fc2648) (cherry picked from commit 7ee25861685a4f56b304627ca2a0dbfed179646d) Change-Id: I42d32876ddf8fa98744620fdf75b4e0783b93aba
2025-01-31 05:27:44 +00:00 · 2018-06-26 03:37:37 -04:00 · 2018-06-26 03:37:37 -04:00 · 6cdfce3c9a
commit 6cdfce3c9a
parent c67fe473f7
1 changed files with 1 additions and 1 deletions
--- a/src/ptserver/ptprocs.c
+++ b/src/ptserver/ptprocs.c
@ -1647,6 +1647,7 @@ put_prentries(struct prentry *tentry, prentries *bulkentries)
    entry = (struct prlistentries *)bulkentries->prentries_val;
    entry += bulkentries->prentries_len;

+    memset(entry, 0, sizeof(*entry));
    entry->flags = tentry->flags >> PRIVATE_SHIFT;
    if (entry->flags == 0) {
 	entry->flags =
@ -1661,7 +1662,6 @@ put_prentries(struct prentry *tentry, prentries *bulkentries)
    entry->nusers = tentry->nusers;
    entry->count = tentry->count;
    strncpy(entry->name, tentry->name, PR_MAXNAMELEN);
-    memset(entry->reserved, 0, sizeof(entry->reserved));
    bulkentries->prentries_len++;
    return 0;
 }