OPENAFS-SA-2018-002 budb: prevent BUDB_* information leaks

The following budb RPCs do not initialize their output correctly.
This leaks buserver memory contents over the wire:

BUDB_FindLatestDump (backup dump)
BUDB_FindDump (backup volrestore, diskrestore, volsetrestore)
BUDB_GetDumps (backup dumpinfo)
BUDB_FindLastTape (backup dump)

struct budb_dumpEntry
- up to 32 bytes in member volumeSetName
- up to 256 bytes in member dumpPath
- up to 32 bytes in member name
- up to 32 bytes in member tape.tapeServer
- up to 32 bytes in member tape.format
- up to 256 bytes in member dumper.name
- up to 128 bytes in member dumper.instance
- up to 256 bytes in member dumper.cell

Initialize the buffer in common routine FillDumpEntry.

(cherry picked from commit e96771471134102d3879a0ac8b2c4ef9d91a61b8)

Change-Id: I85ec8a21966386baa8243326072e5730726cba96
Mark Vitale 2018-06-26 04:39:44 -04:00 committed by Benjamin Kaduk
parent a6557ffa64
commit 6f26a945ad

@ -424,6 +424,7 @@ FillDumpEntry(struct ubik_trans *ut, dbadr da, void *rock)
struct budb_dumpEntry *dump = (struct budb_dumpEntry *)rock;
struct dump d, ad;
memset(dump, 0, sizeof(*dump));
if (dbread(ut, da, &d, sizeof(d)))
return BUDB_IO;
dump->id = ntohl(d.id);
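
Review bot: the memset(dump, 0, sizeof(*dump)) line at the top of FillDumpEntry carries no comment saying why it is there, so a later cleanup could drop it as a redundant initialization. Suggest a one-line comment above it noting that the structure is returned to RPC callers and that the unused tail of its fixed-size string members (volumeSetName, dumpPath, name, tape.*, dumper.*) must not carry buserver memory. Placing it ahead of the dbread() check is right, since the output is then also cleared on the BUDB_IO return path.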