OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_76-4793-ge63c257

Gerrit Code Review gerrit@openafs.org
Wed, 16 Mar 2016 11:06:02 -0400


The following commit has been merged in the master branch:
commit b85c5f9339e20d3de9b1316217dadbea41ad537e
Author: Benjamin Kaduk <kaduk@mit.edu>
Date:   Sun Mar 13 12:56:24 2016 -0500

    OPENAFS-SA-2016-002 AFSStoreStatus information leak
    
    Marc Dionne reported that portions of the AFSStoreStatus structure
    were not written to before being sent over the network for
    operations such as create, symlink, etc., leaking the contents
    of the kernel stack to observers.  Which fields in the request
    are used are controlled by a flags field, and so if a field was
    not going to be used by the server, it was sometimes left
    uninitialized.
    
    Fix the information leak by zeroing out the structure before use.
    
    FIXES 132847
    
    Change-Id: I84a5a10442732ebbcb5d5067ca22030fb795168b

 src/WINNT/afsd/cm_dcache.c       |    1 +
 src/afs/VNOPS/afs_vnop_attrs.c   |    3 +++
 src/afs/VNOPS/afs_vnop_create.c  |    1 +
 src/afs/VNOPS/afs_vnop_dirops.c  |    1 +
 src/afs/VNOPS/afs_vnop_symlink.c |    1 +
 src/afs/afs_disconnected.c       |    1 +
 src/afs/afs_segments.c           |    1 +
 src/libafscp/afscp_file.c        |    1 +
 src/venus/afsio.c                |    1 +
 9 files changed, 11 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository
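
The pattern the commit message describes, as an added example that is not OpenAFS code: `struct store_status`, its field names, the `SET_MODE` flag and the `STALE` marker are hypothetical stand-ins. The leftover stack contents are simulated by pre-filling the structure with a constructed marker byte, so the result is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a flag-controlled request struct. */
#define SET_MODE 0x8u   /* assumed flag: "the mode field is valid" */
#define STALE    0xAA   /* constructed marker standing in for old stack bytes */

struct store_status {
    uint32_t mask;      /* tells the server which fields below to use */
    uint32_t mod_time;
    uint32_t owner;
    uint32_t group;
    uint32_t mode;
};

/* Before the fix: only the fields named by the mask are written. */
static void build_unsafe(struct store_status *s, uint32_t mode)
{
    s->mask = SET_MODE;
    s->mode = mode;
}

/* After the fix: zero the whole structure, then fill in what is used. */
static void build_zeroed(struct store_status *s, uint32_t mode)
{
    memset(s, 0, sizeof(*s));
    s->mask = SET_MODE;
    s->mode = mode;
}

/* Marshal every field regardless of the mask; count stale bytes on the wire. */
static size_t stale_bytes_sent(void (*build)(struct store_status *, uint32_t))
{
    struct store_status s;
    unsigned char wire[sizeof(s)];
    size_t i, leaked = 0;
    memset(&s, STALE, sizeof(s));   /* simulate a reused stack slot */
    build(&s, 0644);
    memcpy(wire, &s, sizeof(s));    /* the whole struct goes out */
    for (i = 0; i < sizeof(wire); i++) leaked += (wire[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("unsafe: %zu stale bytes, zeroed: %zu stale bytes\n",
           stale_bytes_sent(build_unsafe), stale_bytes_sent(build_zeroed));
    return 0;
}
```

The server ignores the unflagged fields, but an observer of the traffic still sees them, which is why the fix zeroes the structure at the sender instead of relying on the mask.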