[fprint] Minor security hole in libfprint (with fix included)

Alan Davidson alan at key.me
Fri Aug 19 16:49:33 UTC 2016


Thanks for taking a look! And thanks for maintaining this library; it's
very useful.

 - Alan

On Fri, Aug 19, 2016 at 1:56 AM, Vasily Khoruzhick <anarsoul at gmail.com>
wrote:

> Hi Alan,
>
> Thanks for your e-mail and patch.
>
> I expect it to be in worst case some re-used memory of libfprint, so
> it's not really a security leak, since the only sensitive information
> is saved to the disk. But I'll take your patch.
>
> Regards,
> Vasily
>
> On Thu, Aug 18, 2016 at 3:01 PM, Alan Davidson <alan at key.me> wrote:
> > Hi libfprint folks -
> >
> > I was enrolling fingerprints and saving the data to files (using
> > fp_print_data_get_data), when I noticed that the data section for the
> > minutiae had interesting stuff in the unused parts. This is to say, the
> > xyt_struct (from bozorth.h) allocates space for 200 minutiae, and if I only
> > use 50 of them, the other 150 are still allocated and have stuff in them.
> > These values come from things that were previously allocated and deallocated
> > on the heap, and the data is still there because it wasn't zeroed out when
> > we re-allocated it.
> >
> > I think it should be zeroed out, to prevent leaking whatever used to be in
> > this memory. What do you think? It's a very easy change; see the commit at
> > [1], though I'm unclear how to transfer it to your repo. Without this
> > change, enrolled fingerprints saved to file on my computer have non-null
> > data in the unused minutiae, and with it, all the unused minutiae are full
> > of null bytes.
> >
> > A little more detail: this happens in fpi_img_to_print_data (in img.c), when
> > we create a new item to store the minutiae in xyt format. The data is later
> > copied wholesale into the output buffer in fp_print_data_get_data.
> >
> > Thanks for taking a look!
> >
> >  - Alan
> >
> > [1]
> > https://github.com/keyme/libfprint/commit/1b71aff9ea389c427f9f8bfaabf8aa0acde37269
>
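
The behaviour discussed in this thread, as an added example that is not libfprint code and not part of the original messages: a fixed-capacity minutiae struct is allocated, partly filled, and copied out wholesale, once without zeroing and once with calloc. The struct layout and the names xyt_demo, dirty_alloc, make_print and stale_bytes are assumptions made for illustration, and the 0xA5 fill is constructed data standing in for leftover heap contents.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_MINUTIAE 200 /* capacity stated in the thread */
/* Assumed layout, modeled on the thread's description of xyt_struct. */
struct xyt_demo { int nrows, xcol[MAX_MINUTIAE], ycol[MAX_MINUTIAE], thetacol[MAX_MINUTIAE]; };

/* Stand-in for malloc() reusing a freed chunk: 0xA5 plays the stale data. */
static void *dirty_alloc(size_t n)
{
    void *p = malloc(n);
    return p ? memset(p, 0xA5, n) : NULL;
}

/* Fill the first `used` minutiae; zeroed=0 mimics the unzeroed allocation. */
struct xyt_demo *make_print(int used, int zeroed)
{
    struct xyt_demo *p = zeroed ? calloc(1, sizeof *p) : dirty_alloc(sizeof *p);
    if (!p || used < 0 || used > MAX_MINUTIAE) { free(p); return NULL; }
    p->nrows = used;
    for (int i = 0; i < used; i++)
        p->xcol[i] = p->ycol[i] = p->thetacol[i] = i + 1; /* constructed values */
    return p;
}

/* Audit a wholesale-copied blob: count non-zero bytes in slots past nrows. */
long stale_bytes(const void *blob, size_t len)
{
    struct xyt_demo p;
    if (len != sizeof p) return -1;          /* wrong size: not this format */
    memcpy(&p, blob, sizeof p);
    if (p.nrows < 0 || p.nrows > MAX_MINUTIAE) return -1;
    const int *cols[3] = { p.xcol, p.ycol, p.thetacol };
    long n = 0;
    for (int c = 0; c < 3; c++) {
        const unsigned char *b = (const unsigned char *)(cols[c] + p.nrows);
        for (size_t i = 0; i < (MAX_MINUTIAE - p.nrows) * sizeof(int); i++) n += b[i] != 0;
    }
    return n;
}

int main(void)
{
    struct xyt_demo *a = make_print(50, 0), *b = make_print(50, 1);
    if (!a || !b) return 1;
    printf("unzeroed: %ld stale bytes; zeroed: %ld\n", stale_bytes(a, sizeof *a), stale_bytes(b, sizeof *b));
    free(a); free(b);
    return 0;
}
```

A check like stale_bytes can be run over saved print data to tell whether it was written before or after the allocation was zeroed.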