From 45243cbb00ea8b6f002a2804bea6e1718cdd1ff4 Mon Sep 17 00:00:00 2001
From: Daria Brashear <shadow@your-file-system.com>
Date: Wed, 8 Jul 2015 13:51:47 -0400
Subject: [PATCH 1/6] vos: Clear nvldbentry before sending on the wire

Don't leak stack data onto the wire. Clear nvldbentry before use.

FIXES 131907 (CVE-2015-3282)

(cherry picked from commit 97aa1caec396ff0c3ff30e6f9e359c91d26e9eb0)
(cherry picked from commit 888c21f454be96b6855a2bb7ef1d8f468c5cd841)

Change-Id: I5f89723f6de654c24722aeb8075b7d14552cbed8
---
 src/volser/vos.c     |    2 ++
 src/volser/vsprocs.c |    8 ++++++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/src/volser/vos.c b/src/volser/vos.c
index 757c4a3..a385ad9 100644
--- a/src/volser/vos.c
+++ b/src/volser/vos.c
@@ -5411,6 +5411,8 @@ ConvertRO(register struct cmd_syndesc *as, void *arock)
     struct rx_connection *aconn;
     char c, dc;
 
+    memset(&storeEntry, 0, sizeof(struct nvldbentry));
+
     server = GetServer(as->parms[0].items->data);
     if (!server) {
 	fprintf(STDERR, "vos: host '%s' not found in host table\n",
diff --git a/src/volser/vsprocs.c b/src/volser/vsprocs.c
index 38571e8..7dbbcbc 100644
--- a/src/volser/vsprocs.c
+++ b/src/volser/vsprocs.c
@@ -683,6 +683,8 @@ UV_CreateVolume3(afs_int32 aserver, afs_int32 apart, char *aname,
     aconn = (struct rx_connection *)0;
     error = 0;
 
+    memset(&storeEntry, 0, sizeof(struct nvldbentry));
+
     init_volintInfo(&tstatus);
     tstatus.maxquota = aquota;
 
@@ -809,6 +811,8 @@ UV_AddVLDBEntry(afs_int32 aserver, afs_int32 apart, char *aname,
     afs_int32 vcode;
     struct nvldbentry entry, storeEntry;	/*the new vldb entry */
 
+    memset(&storeEntry, 0, sizeof(struct nvldbentry));
+
     aconn = (struct rx_connection *)0;
     error = 0;
 
@@ -867,6 +871,8 @@ UV_DeleteVolume(afs_int32 aserver, afs_int32 apart, afs_int32 avolid)
     afs_int32 avoltype = -1, vtype;
     int notondisk = 0, notinvldb = 0;
 
+    memset(&storeEntry, 0, sizeof(struct nvldbentry));
+
     /* Find and read bhe VLDB entry for this volume */
     code = ubik_VL_SetLock(cstruct, 0, avolid, avoltype, VLOP_DELETE);
     if (code) {
@@ -7166,6 +7172,8 @@ MapNetworkToHost(struct nvldbentry *old, struct nvldbentry *new)
 {
     int i, count;
 
+    memset(new, 0, sizeof(struct nvldbentry));
+
     /*copy all the fields */
     strcpy(new->name, old->name);
 /*    new->volumeType = old->volumeType;*/
-- 
1.7.1