OpenAFS Master Repository branch, openafs-stable-1_8_x, updated. openafs-stable-1_8_2

Gerrit Code Review gerrit@openafs.org
Tue, 11 Sep 2018 15:00:50 -0400


The following commit has been merged in the openafs-stable-1_8_x branch:
commit 6f26a945adeca87b669282eed0eaca3dca0a1423
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Tue Jun 26 04:39:44 2018 -0400

    OPENAFS-SA-2018-002 budb: prevent BUDB_* information leaks
    
    The following budb RPCs do not initialize their output correctly.
    This leaks buserver memory contents over the wire:
    
    BUDB_FindLatestDump (backup dump)
    BUDB_FindDump (backup volrestore, diskrestore, volsetrestore)
    BUDB_GetDumps (backup dumpinfo)
    BUDB_FindLastTape (backup dump)
    
    struct budb_dumpEntry
    - up to 32 bytes in member volumeSetName
    - up to 256 bytes in member dumpPath
    - up to 32 bytes in member name
    - up to 32 bytes in member tape.tapeServer
    - up to 32 bytes in member tape.format
    - up to 256 bytes in member dumper.name
    - up to 128 bytes in member dumper.instance
    - up to 256 bytes in member dumper.cell
    
    Initialize the buffer in common routine FillDumpEntry.
    
    (cherry picked from commit e96771471134102d3879a0ac8b2c4ef9d91a61b8)
    
    Change-Id: I85ec8a21966386baa8243326072e5730726cba96

 src/budb/procs.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository
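
The leak class described in the commit message above, as an added example that is not OpenAFS code: a fixed-size output struct whose string fields are written without the struct being cleared first. `struct demo_entry`, the function names and the 0xAA fill (a constructed stand-in for leftover server memory) are assumptions; the two field sizes follow the message, and zeroing with `memset` is assumed as the way to initialize the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an RPC output struct (not the OpenAFS type);
 * field sizes follow the commit message: 32-byte name, 256-byte dumpPath. */
struct demo_entry {
    char name[32];
    char dumpPath[256];
};

/* Before: only the strings are written. Bytes after each NUL keep whatever
 * the buffer held earlier, and the full fixed-size fields go on the wire. */
void fill_entry_unsafe(struct demo_entry *out, const char *name, const char *path)
{
    snprintf(out->name, sizeof(out->name), "%s", name);
    snprintf(out->dumpPath, sizeof(out->dumpPath), "%s", path);
}

/* After: clear the whole output before filling it (assumed fix: memset). */
void fill_entry_safe(struct demo_entry *out, const char *name, const char *path)
{
    memset(out, 0, sizeof(*out));
    fill_entry_unsafe(out, name, path);
}

/* Count non-zero bytes that follow a field's terminating NUL. */
static size_t stale_in(const char *field, size_t cap)
{
    const char *nul = memchr(field, 0, cap);
    size_t i = nul ? (size_t)(nul - field) : cap, n = 0;
    for (; i < cap; i++) n += (field[i] != 0);
    return n;
}

/* Fill a buffer pre-loaded with 0xAA (constructed stand-in for leftover
 * server memory) and report how many stale bytes would be sent. */
size_t demo_stale_bytes(int use_safe)
{
    struct demo_entry e;
    memset(&e, 0xAA, sizeof(e));
    (use_safe ? fill_entry_safe : fill_entry_unsafe)(&e, "nightly", "/full/weekly");
    return stale_in(e.name, sizeof(e.name)) + stale_in(e.dumpPath, sizeof(e.dumpPath));
}

int main(void)
{
    printf("without init: %zu stale bytes\n", demo_stale_bytes(0));
    printf("with init:    %zu stale bytes\n", demo_stale_bytes(1));
}
```

A copy routine that pads its destination (such as `strncpy`) would mask the problem for that one field only; clearing the whole struct also covers members the fill routine never touches.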