[Spice-devel] [PATCH spice-protocol] stream-device: Specify how padding shoud be inside new structures

[Christophe de Dinechin]

> On 23 Feb 2018, at 11:31, Christophe Fergeau <cfergeau at redhat.com> wrote:
> 
> On Fri, Feb 23, 2018 at 10:11:46AM +0000, Frediano Ziglio wrote:
>> Depending on how structures are initialised in the code is
>> possible that implicit padding bytes are not initialised
>> causing possible information leaks as the entire structure
>> with all padding is sent through device/network.
>> 
>> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
>> ---
>> spice/stream-device.h | 2 ++
>> 1 file changed, 2 insertions(+)
>> 
>> diff --git a/spice/stream-device.h b/spice/stream-device.h
>> index 2e7c50e..b2f83b5 100644
>> --- a/spice/stream-device.h
>> +++ b/spice/stream-device.h
>> @@ -48,6 +48,8 @@
>>  * containing integers up to 64 bit.
>>  * All numbers are in little endian format.
>>  *
>> + * For security reasons structures should not contain implicit paddings.
>> + *
> 
> Isn't padding inserted by the compiler going to be platform-dependent anyway?

That is my concern too.

> I would say that all structures used in the protocol should be packed.

I would also specify that what is sent is little-endian. While on x86, there is only one endianness, some platforms, e.g. Itanium, are bi-endian, so it is theoretically possible for the host to be big and the guest to be little for example. OK, I know, Itanium… :-)

> 
> Christophe
> 
>>  * The protocol can be defined by these states:
>>  * - Initial. Device just opened. Guest should wait
>>  *   for a message from the host;
>> -- 
>> 2.14.3
>> 
>> _______________________________________________
>> Spice-devel mailing list
>> Spice-devel at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/spice-devel
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel