OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_23-74-ge654f63

Gerrit Code Review gerrit@openafs.org
Fri, 14 Sep 2018 09:13:45 -0400


The following commit has been merged in the openafs-stable-1_6_x branch:
commit c72abcde2c6fcafc9ab940a74f2384a159eaee98
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Tue Jun 26 03:56:24 2018 -0400

    OPENAFS-SA-2018-002 afs: prevent RXAFSCB_TellMeAboutYourself information leak
    
    RXAFSCB_TellMeAboutYourself does not completely initialize its output
    buffers.  This leaks kernel memory over the wire:
    
    struct interfaceAddr
    Unix cache manager (libafs)
    - up to 124 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 * 4) - 4))
    - up to 124 bytes in array subnetmask	"
    - up to 124 bytes in array mtu		"
    
    Windows cache manager
    - 64 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 - CM_MAXINTERFACE_ADDR 16)* 4)
    - 64 bytes in array subnetmask	"
    - 64 bytes in array mtu         "
    
    The following implementations of SRXAFSCB_TellMeAboutYourself are not susceptible:
    - fsprobe
    - libafscp
    - xstat_fs_test
    
    Initialize the buffer.
    
    (cherry picked from commit 211b6d6a4307006da1467b3be46912a3a5d7b20b)
    
    (cherry picked from commit a6557ffa64d8fab3526c4f89629dcbb965a27780)
    
    (cherry picked from commit 0dbbcc9ac62425618a3a3a28ee05eba2507f6efd)
    
    Change-Id: Ic977c8a473df12f64d2865cd68f1f42744b57d9e

 src/WINNT/afsd/cm_callback.c |    1 +
 src/afs/afs_callback.c       |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository