OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63

Gerrit Code Review gerrit@openafs.org
Fri, 14 Sep 2018 09:13:45 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit e573d36b212192b04235dac24f709e7d5784f904
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Tue Jun 26 05:12:32 2018 -0400

    OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information leaks
    
    TC_ScanStatus (backup status) and TC_GetStatus (internal backup status
    watcher) do not initialize their output buffers.  They leak memory
    contents over the wire:
    
    struct tciStatusS
    - up to 64 bytes in member taskName (TC_MAXNAMELEN 64)
    - up to 64 bytes in member volumeName  "
    
    Initialize the buffers.
    
    [kaduk@mit.edu: move initialization to top of server routines]
    
    (cherry picked from commit be0142707ca54f3de99c4886530e7ac9f48dd61c)
    
    (cherry picked from commit 43b3efd4f8cd3227b2b24ff673adeb834f6a3f0b)
    
    (cherry picked from commit a41b75a13b9a96a929fa69db43fbc4ca071ee717)
    
    Change-Id: Ibe35ca06eb663399f0b9e14d7487d91553cd67c8

 src/butc/tcstatus.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

-- 
OpenAFS Master Repository