[fprint] Minor security hole in libfprint (with fix included)

Alan Davidson alan at key.me
Thu Aug 18 22:01:47 UTC 2016


Hi libfprint folks -

I was enrolling fingerprints and saving the data to files (using
fp_print_data_get_data), when I noticed that the data section for the
minutiae had interesting stuff in the unused parts. This is to say, the
xyt_struct (from bozorth.h) allocates space for 200 minutiae, and if I only
use 50 of them, the other 150 are still allocated and have stuff in them.
These values come from things that were previously allocated and
deallocated on the heap, and the data is still there because it wasn't
zeroed out when we re-allocated it.

I think it should be zeroed out, to prevent leaking whatever used to be in
this memory. What do you think? It's a very easy change; see the commit at
[1], though I'm unclear how to transfer it to your repo. Without this
change, enrolled fingerprints saved to file on my computer have non-null
data in the unused minutiae, and with it, all the unused minutiae are full
of null bytes.

A little more detail: this happens in fpi_img_to_print_data (in img.c),
when we create a new item to store the minutiae in xyt format. The data is
later copied wholesale into the output buffer in fp_print_data_get_data.

Thanks for taking a look!

 - Alan

[1] https://github.com/keyme/libfprint/commit/1b71aff9ea389c427f9f8bfaabf8aa0acde37269
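Added illustration of the issue described above (example code, not part of the message and not libfprint's own code): a constructed stand-in for the fixed-capacity minutiae table, a writer that copies the whole struct into the output buffer the way the saved template does, and an audit routine that counts non-zero bytes in the slots past `nrows`. The struct layout, the function names and the 200-entry capacity are assumptions for the demo; `zero_init` switches between a plain `malloc` (unused slots carry whatever the heap chunk held before) and a cleared allocation, which is the behaviour the proposed fix asks for.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the xyt_struct in bozorth.h: room for a fixed
 * number of minutiae, of which only the first nrows are meaningful. */
#define MAX_MINUTIAE 200

struct xyt_like {
    int nrows;                 /* minutiae actually filled in */
    int xcol[MAX_MINUTIAE];
    int ycol[MAX_MINUTIAE];
    int thetacol[MAX_MINUTIAE];
};

/* Build a table from n (x, y, theta) triples.
 * zero_init == 0 mirrors a plain malloc: slots past n keep old heap content.
 * zero_init != 0 is the fix: the whole block is cleared before use. */
struct xyt_like *make_xyt(int n, const int *xs, const int *ys, const int *ts, int zero_init)
{
    if (n < 0 || n > MAX_MINUTIAE)
        return NULL;
    struct xyt_like *s = zero_init ? calloc(1, sizeof *s) : malloc(sizeof *s);
    if (!s)
        return NULL;
    s->nrows = n;
    for (int i = 0; i < n; i++) {
        s->xcol[i] = xs[i];
        s->ycol[i] = ys[i];
        s->thetacol[i] = ts[i];
    }
    return s;
}

/* Serialize by copying the whole struct, as a format that stores the full
 * fixed-size table does: every byte past nrows goes into the file as well. */
size_t serialize_xyt(const struct xyt_like *s, unsigned char *out, size_t cap)
{
    if (!s || cap < sizeof *s)
        return 0;
    memcpy(out, s, sizeof *s);
    return sizeof *s;
}

/* Audit check on a serialized table: count non-zero bytes in the unused
 * slots.  A clean writer yields 0; anything else is heap residue that has
 * leaked into the saved template.  Returns (size_t)-1 on malformed input. */
size_t unused_nonzero_bytes(const unsigned char *buf, size_t len)
{
    struct xyt_like s;
    if (!buf || len < sizeof s)
        return (size_t)-1;
    memcpy(&s, buf, sizeof s);     /* copy out: buf need not be aligned */
    if (s.nrows < 0 || s.nrows > MAX_MINUTIAE)
        return (size_t)-1;
    const int *cols[3] = { s.xcol, s.ycol, s.thetacol };
    size_t count = 0;
    for (int c = 0; c < 3; c++) {
        const unsigned char *p = (const unsigned char *)(cols[c] + s.nrows);
        size_t bytes = (size_t)(MAX_MINUTIAE - s.nrows) * sizeof(int);
        for (size_t i = 0; i < bytes; i++)
            if (p[i] != 0)
                count++;
    }
    return count;
}

/* Build an n-minutiae table with zeroing, serialize it, and report 1 if
 * the unused region of the output is entirely zero. */
int zeroed_table_is_clean(int n)
{
    int xs[MAX_MINUTIAE], ys[MAX_MINUTIAE], ts[MAX_MINUTIAE];
    for (int i = 0; i < MAX_MINUTIAE; i++) { xs[i] = 10 * i; ys[i] = 7 * i; ts[i] = i % 360; }
    struct xyt_like *s = make_xyt(n, xs, ys, ts, 1);
    if (!s)
        return 0;
    unsigned char buf[sizeof *s];
    size_t len = serialize_xyt(s, buf, sizeof buf);
    size_t bad = unused_nonzero_bytes(buf, len);
    free(s);
    return len == sizeof *s && bad == 0;
}

int main(void)
{
    int xs[50], ys[50], ts[50];
    for (int i = 0; i < 50; i++) { xs[i] = 10 * i; ys[i] = 7 * i; ts[i] = i % 360; }

    /* Leave recognisable garbage on the heap first; a malloc of the same
     * size often (not always) hands this chunk back. */
    unsigned char *scratch = malloc(sizeof(struct xyt_like));
    if (scratch) { memset(scratch, 0xAA, sizeof(struct xyt_like)); free(scratch); }

    unsigned char buf[sizeof(struct xyt_like)];
    for (int zero_init = 0; zero_init <= 1; zero_init++) {
        struct xyt_like *s = make_xyt(50, xs, ys, ts, zero_init);
        size_t len = serialize_xyt(s, buf, sizeof buf);
        printf("%s: %zu non-zero bytes in unused slots\n",
               zero_init ? "zeroed" : "malloc", unused_nonzero_bytes(buf, len));
        free(s);
    }
    return 0;
}
```

The `malloc` line of the demo output depends on the allocator and may show zero residue on some runs; the `zeroed` line is always 0, which is the property the fix guarantees. The audit routine is the useful part for a reviewer: run it over templates already written by an unpatched build to tell which files carry leftover heap content.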