OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63
Gerrit Code Review
gerrit@openafs.org
Fri, 14 Sep 2018 09:13:45 -0400
The following commit has been merged in the openafs-stable-1_6_x branch:
commit 5c6589b395e35e54f8e7c583ea4d87826a854fba
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 04:39:44 2018 -0400

OPENAFS-SA-2018-002 budb: prevent BUDB_* information leaks

The following budb RPCs do not initialize their output correctly.
This leaks buserver memory contents over the wire:

BUDB_FindLatestDump (backup dump)
BUDB_FindDump (backup volrestore, diskrestore, volsetrestore)
BUDB_GetDumps (backup dumpinfo)
BUDB_FindLastTape (backup dump)

struct budb_dumpEntry
- up to 32 bytes in member volumeSetName
- up to 256 bytes in member dumpPath
- up to 32 bytes in member name
- up to 32 bytes in member tape.tapeServer
- up to 32 bytes in member tape.format
- up to 256 bytes in member dumper.name
- up to 128 bytes in member dumper.instance
- up to 256 bytes in member dumper.cell

Initialize the buffer in common routine FillDumpEntry.

(cherry picked from commit e96771471134102d3879a0ac8b2c4ef9d91a61b8)
(cherry picked from commit 6f26a945adeca87b669282eed0eaca3dca0a1423)
(cherry picked from commit b4543ae2331fae6d70c067d86d20bfbc8d509468)

Change-Id: I713f967eebc1286764b9658ff4ddccb65f456480

src/budb/procs.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository
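
The leak class described in the commit message above, as an added example that is not OpenAFS code: a hypothetical three-member entry (array sizes taken from the message) is filled with and without initializing the output first. It assumes each fixed-size member is sent in full, and uses constructed 'S' bytes to stand in for stale server memory.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reduced entry; member sizes are those in the commit message. */
struct dump_entry {
    char volumeSetName[32];
    char dumpPath[256];
    char name[32];
};

/* Before: writes each string and its NUL, nothing else in the arrays. */
static void fill_leaky(struct dump_entry *o, const char *vs,
                       const char *path, const char *name)
{
    snprintf(o->volumeSetName, sizeof o->volumeSetName, "%s", vs);
    snprintf(o->dumpPath, sizeof o->dumpPath, "%s", path);
    snprintf(o->name, sizeof o->name, "%s", name);
}

/* After: initialize the whole output buffer before filling it. */
static void fill_fixed(struct dump_entry *o, const char *vs,
                       const char *path, const char *name)
{
    memset(o, 0, sizeof *o);
    fill_leaky(o, vs, path, name);
}

/* Nonzero bytes after the NUL: what a fixed-size encoding would disclose. */
static size_t stale(const char *f, size_t size)
{
    size_t n = 0;
    for (size_t i = strlen(f) + 1; i < size; i++)
        n += (f[i] != 0);
    return n;
}

static size_t leaked_bytes(int fixed)
{
    struct dump_entry e;
    memset(&e, 'S', sizeof e);   /* constructed stale memory contents */
    (fixed ? fill_fixed : fill_leaky)(&e, "vs1", "/daily", "vs1.daily");
    return stale(e.volumeSetName, sizeof e.volumeSetName) +
           stale(e.dumpPath, sizeof e.dumpPath) + stale(e.name, sizeof e.name);
}

int main(void)
{
    printf("stale bytes sent: leaky=%zu fixed=%zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The shorter the real strings, the more of each array is residual memory, which is why the message states the exposure as "up to" the full member size.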