OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63

Gerrit Code Review gerrit@openafs.org
Fri, 14 Sep 2018 09:13:44 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit 50ba59fb4404af93c58e095b57f1d33de8b05899
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Mon Jun 25 18:03:12 2018 -0400

    OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak
    
    SPR_IDToName does not completely initialize the return array of names,
    and thus leaks information from ptserver memory:
    
    - up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0')
    
    Use calloc to ensure that all memory sent on the wire is initialized,
    preventing the information leak.
    
    [kaduk@mit.edu: switch to calloc; update commit message]
    
    (cherry picked from commit 70b0136d552a0077d3fae68f3aebacd985abd522)
    
    (cherry picked from commit c8c8682bb0e84ee5289fac3063119ae524773f61)
    
    (cherry picked from commit 40343287fbca6f4b1098f5b60ef9ff5416376b08)
    
    Change-Id: I793ccc2f3595344e72e9b4ba948a2266f1c4c0a5

 src/ptserver/ptprocs.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

-- 
OpenAFS Master Repository