Depending on how structures are initialised in the code is possible that implicit padding bytes are not initialised causing possible information leaks as the entire structure with all padding is sent through device/network. Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> --- spice/stream-device.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spice/stream-device.h b/spice/stream-device.h index 2e7c50e..b2f83b5 100644 --- a/spice/stream-device.h +++ b/spice/stream-device.h @@ -48,6 +48,8 @@ * containing integers up to 64 bit. * All numbers are in little endian format. * + * For security reasons structures should not contain implicit paddings. + * * The protocol can be defined by these states: * - Initial. Device just opened. Guest should wait * for a message from the host; -- 2.14.3 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel