On Fri, Feb 23, 2018 at 10:11:46AM +0000, Frediano Ziglio wrote: > Depending on how structures are initialised in the code is > possible that implicit padding bytes are not initialised > causing possible information leaks as the entire structure > with all padding is sent through device/network. > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > --- > spice/stream-device.h | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/spice/stream-device.h b/spice/stream-device.h > index 2e7c50e..b2f83b5 100644 > --- a/spice/stream-device.h > +++ b/spice/stream-device.h > @@ -48,6 +48,8 @@ > * containing integers up to 64 bit. > * All numbers are in little endian format. > * > + * For security reasons structures should not contain implicit paddings. > + * Isn't padding inserted by the compiler going to be platform-dependent anyway? I would say that all structures used in the protocol should be packed. Christophe > * The protocol can be defined by these states: > * - Initial. Device just opened. Guest should wait > * for a message from the host; > -- > 2.14.3 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel