OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63

Gerrit Code Review gerrit@openafs.org
Fri, 14 Sep 2018 09:13:44 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit c67fe473f7a8710c2cebbcc4d4b767ba152342f0
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Tue Jun 26 03:00:02 2018 -0400

    OPENAFS-SA-2018-002 volser: prevent AFSVolMonitor information leak
    
    AFSVolMonitor (vos status) does not properly initialize its output
    buffers.  This leaks information from volserver memory:
    
    struct transDebugInfo
    - up to 29 bytes in member lastProcName (30-'\0')
    - 16 bytes in members readNext, tranmitNext, lastSendTime,
      lastReceiveTime
    
    Initialize the buffers.  This must be done on a per-buffer basis inside
    the loop, since realloc is used to expand the storage if needed,
    and there is not a standard realloc API to zero the newly allocated storage.
    
    [kaduk@mit.edu: update commit message]
    
    (cherry picked from commit 26924fd508b21bb6145e77dc31b6cd0923193b72)
    
    (cherry picked from commit 2d22756de7af2c72b8aca6969825f8e921f01d6c)
    
    (cherry picked from commit 37cbe68577d39241a2d5a1fe75e8a0490516dfc4)
    
    Change-Id: I1eab9e35207fed5d151c70962c00b6fa8ac7da58

 src/volser/volprocs.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository