Plug an information leak in the net backend.

When sending out a SANE_NET_CONTROL_OPTION RPC for the SANE_ACTION_GET_VALUE
action (and SANE_ACTION_SET_AUTO for the network protocol versions < 3), the
backend was not clearing the memory area for the value argument before
sending it over the network, resulting in an information leak for the
SANE_ACTION_GET_VALUE case.

ChangeLog

@@ -1,5 +1,12 @@
 2008-04-13  Julien Blache <jb@jblache.org>
 	* frontend/saned.c: fix typo.
+	* backend/net.c: plug an information leak in the net backend. When
+	sending out a SANE_NET_CONTROL_OPTION RPC for the
+	SANE_ACTION_GET_VALUE action (and SANE_ACTION_SET_AUTO for the
+	network protocol versions < 3), the backend was not clearing the
+	memory area for the value argument before sending it over the
+	network, resulting in an information leak for the
+	SANE_ACTION_GET_VALUE case.
 
 2008-04-12  Mattias Ellert <mattias.ellert@fysast.uu.se>
 	* backend/rts8891.c, backend/rts88xx_lib.c: fix format warning

backend/net.c

@@ -1726,6 +1726,10 @@ sane_control_option (SANE_Handle handle, SANE_Int option,
       break;
     }
 
+  /* Avoid leaking memory bits */
+  if (value && (action != SANE_ACTION_SET_VALUE))
+    memset (value, 0, value_size);
+
   /* for SET_AUTO the parameter ``value'' is ignored */
   if (action == SANE_ACTION_SET_AUTO)
     value_size = 0;

sanei/sanei_net.c

@@ -139,6 +139,7 @@ sanei_w_control_option_req (Wire *w, SANE_Control_Option_Req *req)
   sanei_w_word (w, &req->handle);
   sanei_w_word (w, &req->option);
   sanei_w_word (w, &req->action);
+
   /* Up to and including version 2, we incorrectly attempted to encode
      the option value even the action was SANE_ACTION_SET_AUTO.  */
   if (w->version < 3 || req->action != SANE_ACTION_SET_AUTO)