OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63
Gerrit Code Review
gerrit@openafs.org
Fri, 14 Sep 2018 09:13:45 -0400
The following commit has been merged in the openafs-stable-1_6_x branch:
commit e573d36b212192b04235dac24f709e7d5784f904
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 05:12:32 2018 -0400
OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information leaks
TC_ScanStatus (backup status) and TC_GetStatus (internal backup status
watcher) do not initialize their output buffers. They leak memory
contents over the wire:
struct tciStatusS
- up to 64 bytes in member taskName (TC_MAXNAMELEN 64)
- up to 64 bytes in member volumeName "
Initialize the buffers.
[kaduk@mit.edu: move initialization to top of server routines]
(cherry picked from commit be0142707ca54f3de99c4886530e7ac9f48dd61c)
(cherry picked from commit 43b3efd4f8cd3227b2b24ff673adeb834f6a3f0b)
(cherry picked from commit a41b75a13b9a96a929fa69db43fbc4ca071ee717)
Change-Id: Ibe35ca06eb663399f0b9e14d7487d91553cd67c8
src/butc/tcstatus.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--
OpenAFS Master Repository