OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_16-16-g5ce1027

Gerrit Code Review gerrit@openafs.org
Wed, 16 Mar 2016 11:06:00 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit becf282ecf9bec3f266d4f8403c1e93d22ab455a
Author: Benjamin Kaduk <kaduk@mit.edu>
Date:   Mon Mar 14 23:15:20 2016 -0500

    OPENAFS-SA-2016-002 ListAddrByAttributes information leak
    
    The ListAddrByAttributes structure is used as an input to the GetAddrsU
    RPC; it contains a Mask field that controls which of the other fields
    will actually be read by the server during the RPC processing.
    Unfortunately, the client only wrote to the fields indicated by the
    mask, leaving the other fields uninitialized for transmission on the
    wire, leaking some contents of client memory.
    
    Plug the information leak by zeroing the entire structure before use.
    
    FIXES 132847
    
    Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e

 src/libadmin/vos/afs_vosAdmin.c |    1 +
 src/venus/cacheout.c            |    1 +
 src/vlserver/vlclient.c         |    2 ++
 3 files changed, 4 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository