kopia lustrzana https://gitlab.com/sane-project/backends
Plug an information leak in the net backend.
When sending out a SANE_NET_CONTROL_OPTION RPC for the SANE_ACTION_GET_VALUE action (and SANE_ACTION_SET_AUTO for the network protocol versions < 3), the backend was not clearing the memory area for the value argument before sending it over the network, resulting in an information leak for the SANE_ACTION_GET_VALUE case.
rodzic
fde1551f68
commit
57bfede65b
|
@ -1,5 +1,12 @@
|
|||
2008-04-13 Julien Blache <jb@jblache.org>
|
||||
* frontend/saned.c: fix typo.
|
||||
* backend/net.c: plug an information leak in the net backend. When
|
||||
sending out a SANE_NET_CONTROL_OPTION RPC for the
|
||||
SANE_ACTION_GET_VALUE action (and SANE_ACTION_SET_AUTO for the
|
||||
network protocol versions < 3), the backend was not clearing the
|
||||
memory area for the value argument before sending it over the
|
||||
network, resulting in an information leak for the
|
||||
SANE_ACTION_GET_VALUE case.
|
||||
|
||||
2008-04-12 Mattias Ellert <mattias.ellert@fysast.uu.se>
|
||||
* backend/rts8891.c, backend/rts88xx_lib.c: fix format warning
|
||||
|
|
|
@ -1726,6 +1726,10 @@ sane_control_option (SANE_Handle handle, SANE_Int option,
|
|||
break;
|
||||
}
|
||||
|
||||
/* Avoid leaking memory bits */
|
||||
if (value && (action != SANE_ACTION_SET_VALUE))
|
||||
memset (value, 0, value_size);
|
||||
|
||||
/* for SET_AUTO the parameter ``value'' is ignored */
|
||||
if (action == SANE_ACTION_SET_AUTO)
|
||||
value_size = 0;
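Review bot: The new guard `if (value && (action != SANE_ACTION_SET_VALUE))` also fires for SANE_ACTION_SET_AUTO, so the memset writes value_size bytes through a pointer that the comment directly below describes as ignored for that action. A frontend that passes a non-NULL but undersized or stale pointer with SET_AUTO would have its own memory overwritten, and because value_size is set to 0 for SET_AUTO immediately afterwards, the clear does not appear to be needed there to stop the leak, which the commit message attributes to the GET_VALUE case. Consider narrowing the guard to `if (value && action == SANE_ACTION_GET_VALUE)` and expanding the comment to `/* GET_VALUE: the caller's buffer is sent as-is in the request; zero it so stale memory is not sent over the network */`. value_size is computed earlier in sane_control_option, outside this hunk, so its bound against the caller's buffer cannot be checked from here.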
|
||||
|
|
|
@ -139,6 +139,7 @@ sanei_w_control_option_req (Wire *w, SANE_Control_Option_Req *req)
|
|||
sanei_w_word (w, &req->handle);
|
||||
sanei_w_word (w, &req->option);
|
||||
sanei_w_word (w, &req->action);
|
||||
|
||||
/* Up to and including version 2, we incorrectly attempted to encode
|
||||
the option value even the action was SANE_ACTION_SET_AUTO. */
|
||||
if (w->version < 3 || req->action != SANE_ACTION_SET_AUTO)
|
||||
|
|