On Fri, 20 Jun 2008, James Bottomley wrote:

> > In this case the fill data is getting treated as real data.  Does this
> > clarify the situation?
>
> Yes, thanks.  It's a bit nasty from a security point of view, since the
> leaking data apparently belonged to a different command.

Indeed; the data belonged to the previous command.  It definitely is a
security hole.

> Wouldn't a
> better fix (and a more secure one) be to clear from the end of the valid
> data to the end of the buffer?

It certainly would be easier and shorter.  I'll send in a patch to do it
next week.

Whether it would be _better_ is a question of taste.  I don't really like
the idea of telling a caller "Here's your data.  Some of it is valid (but
we're not going to tell you how much) and the rest is set to 0.  Do the
best you can with it."  What if somebody had preset their buffer to some
value other than 0?

Alan Stern
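
Added example, not part of the original message or of any kernel patch: a small C model of the two completions discussed in this thread, clearing the tail of the buffer versus reporting how much data is valid. The transport model (a short reply padded with bytes left over from the previous command) and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for data left over from the previous command. */
static const unsigned char prev_cmd[8] = { 'S','E','C','R','E','T','!','!' };

/* Assumed transport: always delivers len bytes, padding a short reply
 * with leftover fill. Returns the residue (bytes that are not real). */
static size_t transfer(unsigned char *buf, size_t len,
                       const unsigned char *reply, size_t valid)
{
    if (valid > len)
        valid = len;
    memcpy(buf, reply, valid);
    for (size_t i = valid; i < len; i++)
        buf[i] = prev_cmd[i % sizeof(prev_cmd)];
    return len - valid;
}

/* Option 1: clear from the end of the valid data to the end of the
 * buffer. The caller is not told how much was valid. */
static void zero_tail(unsigned char *buf, size_t len, size_t resid)
{
    memset(buf + (len - resid), 0, resid);
}

/* Option 2: tell the caller the valid length so it can ignore the rest. */
static size_t valid_len(size_t len, size_t resid)
{
    return len - resid;
}

/* Check helper: is any leftover fill byte still visible in buf[from..len)? */
static int tail_has_stale(const unsigned char *buf, size_t from, size_t len)
{
    for (size_t i = from; i < len; i++)
        if (buf[i] == prev_cmd[i % sizeof(prev_cmd)])
            return 1;
    return 0;
}

int main(void)
{
    unsigned char buf[16];
    const unsigned char reply[4] = { 'o', 'k', 'a', 'y' };
    size_t resid = transfer(buf, sizeof(buf), reply, sizeof(reply));
    printf("valid=%zu stale=%d\n", valid_len(sizeof(buf), resid),
           tail_has_stale(buf, sizeof(reply), sizeof(buf)));
    zero_tail(buf, sizeof(buf), resid);
    printf("stale after clearing=%d\n",
           tail_has_stale(buf, sizeof(reply), sizeof(buf)));
    return 0;
}
```
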