[Spice-devel] [PATCH spice-protocol] stream-device: Specify how padding shoud be inside new structures
Christophe Fergeau
cfergeau at redhat.com
Fri Feb 23 10:31:52 UTC 2018
On Fri, Feb 23, 2018 at 10:11:46AM +0000, Frediano Ziglio wrote:
> Depending on how structures are initialised in the code is
> possible that implicit padding bytes are not initialised
> causing possible information leaks as the entire structure
> with all padding is sent through device/network.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> spice/stream-device.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/spice/stream-device.h b/spice/stream-device.h
> index 2e7c50e..b2f83b5 100644
> --- a/spice/stream-device.h
> +++ b/spice/stream-device.h
> @@ -48,6 +48,8 @@
> * containing integers up to 64 bit.
> * All numbers are in little endian format.
> *
> + * For security reasons structures should not contain implicit paddings.
> + *
Isn't padding inserted by the compiler going to be platform-dependent
anyway? I would say that all structures used in the protocol should be
packed.
Christophe
> * The protocol can be defined by these states:
> * - Initial. Device just opened. Guest should wait
> * for a message from the host;
> --
> 2.14.3
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20180223/74b6145e/attachment.sig>
More information about the Spice-devel
mailing list