OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63
Gerrit Code Review
gerrit@openafs.org
Fri, 14 Sep 2018 09:13:44 -0400
The following commit has been merged in the openafs-stable-1_6_x branch:
commit 4279e1f18026c3e8a38461da612902829484acc5
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 02:33:05 2018 -0400
OPENAFS-SA-2018-002 volser: prevent AFSVolPartitionInfo(64) information leak

AFSVolPartitionInfo and AFSVolPartitionInfo64 (vos partinfo) do not
properly initialize their reply buffers. This leaks the contents of
volserver memory over the wire:

AFSVolPartitionInfo (struct diskPartition)
- up to 24 bytes in member name (32-'/vicepa\0')
- up to 12 bytes in member devName (32-'/vicepa/Lock/vicepa\0')

AFSVolPartitionInfo64 (struct diskPartition64)
- up to 248 bytes in member name (256-'/vicepa\0')
- up to 236 bytes in member devName (256-'/vicepa/Lock/vicepa\0')

Initialize the output buffers.

[kaduk@mit.edu: move memset to top-level function scope of RPC handlers]

(cherry picked from commit 76e62c1de868c2b2e3cc56a35474e15dc4cc1551)
(cherry picked from commit 28edf734db08d3a8285e89d9d78aa21db726e4c7)
(cherry picked from commit f1c9c0160e364b4935fbb758890fcf5dc0edad4a)
Change-Id: I48348b326f0933a0fcb556425f085abad36d3bea
src/volser/volprocs.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository
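
The byte counts in the commit message above can be reproduced with a small model of the bug. This is an added example, not OpenAFS code: struct part_reply, fill_reply, stale_bytes, leaked and the 0xAA marker are hypothetical names, and the struct models only the two 32-byte string members the message names. The reply buffer is pre-filled with a marker so that leftover memory can be counted deterministically.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the reply struct (assumption): only the two
 * string members named in the commit message are modelled. */
struct part_reply {
    char name[32];
    char devName[32];
};

#define STALE 0xAA  /* constructed marker standing in for old server memory */

/* Fill the reply by copying the NUL-terminated strings and nothing else.
 * With zero_first set, clear the whole buffer first (the fix described). */
static void fill_reply(struct part_reply *r, int zero_first)
{
    if (zero_first)
        memset(r, 0, sizeof(*r));
    strcpy(r->name, "/vicepa");
    strcpy(r->devName, "/vicepa/Lock/vicepa");
}

/* Count bytes after the terminating NUL that still hold the stale marker;
 * these are the bytes that would be sent over the wire unmodified. */
static size_t stale_bytes(const char *field, size_t len)
{
    size_t n = 0;
    for (size_t i = strlen(field) + 1; i < len; i++)
        if ((unsigned char)field[i] == STALE)
            n++;
    return n;
}

/* Stale bytes left in name (which = 0) or devName (which = 1). */
size_t leaked(int which, int zero_first)
{
    struct part_reply r;
    memset(&r, STALE, sizeof(r));  /* simulate reused memory deterministically */
    fill_reply(&r, zero_first);
    return which ? stale_bytes(r.devName, sizeof(r.devName))
                 : stale_bytes(r.name, sizeof(r.name));
}

int main(void)
{
    printf("unfixed: name=%zu devName=%zu\n", leaked(0, 0), leaked(1, 0));
    printf("zeroed:  name=%zu devName=%zu\n", leaked(0, 1), leaked(1, 1));
    return 0;
}
```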