> On 23 Feb 2018, at 11:31, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote: > > On Fri, Feb 23, 2018 at 10:11:46AM +0000, Frediano Ziglio wrote: >> Depending on how structures are initialised in the code is >> possible that implicit padding bytes are not initialised >> causing possible information leaks as the entire structure >> with all padding is sent through device/network. >> >> Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> >> --- >> spice/stream-device.h | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/spice/stream-device.h b/spice/stream-device.h >> index 2e7c50e..b2f83b5 100644 >> --- a/spice/stream-device.h >> +++ b/spice/stream-device.h 
>> @@ -48,6 +48,8 @@ >> * containing integers up to 64 bit. >> * All numbers are in little endian format. >> * >> + * For security reasons structures should not contain implicit paddings. >> + * > > Isn't padding inserted by the compiler going to be platform-dependent anyway? That is my concern too. > I would say that all structures used in the protocol should be packed. I would also specify that what is sent is little-endian. While on x86, there is only one endianness, some platforms, e.g. Itanium, are bi-endian, so it is theoretically possible for the host to be big and the guest to be little for example. OK, I know, Itanium… :-) > > Christophe > >> * The protocol can be defined by these states: >> * - Initial. Device just opened. Guest should wait >> * for a message from the host; >> -- >> 2.14.3 >> >> _______________________________________________ >> Spice-devel mailing list >> Spice-devel@xxxxxxxxxxxxxxxxxxxxx >> https://lists.freedesktop.org/mailman/listinfo/spice-devel
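Review bot: The comment added to the protocol description in spice/stream-device.h ("For security reasons structures should not contain implicit paddings.") states a rule without giving the reason or saying how a structure author is expected to comply. Suggest carrying the reason from the commit message into the comment (uninitialised padding bytes are sent through the device/network together with the structure) and saying that any padding a structure needs should be declared as explicit fields; "paddings" should also read "padding". As the replies point out, compiler-inserted padding is platform-dependent, so a comment alone does not fix the layout; a compile-time size check or packing of the protocol structures would make the rule enforceable.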
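The padding and endianness points raised in this thread, as an added C example that is not part of the patch or of the SPICE sources. The structure names, field names and functions are hypothetical; it shows a build-time check against implicit padding and a field-by-field little-endian encoder whose output does not depend on host layout or byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header with implicit padding: on common ABIs the compiler
 * inserts 3 bytes after 'type' so that 'size' is 4-byte aligned. */
typedef struct {
    uint8_t  type;
    uint32_t size;
} ImplicitHdr;

/* Same fields with the padding declared, so it is a field that gets a value. */
typedef struct {
    uint8_t  type;
    uint8_t  padding[3];
    uint32_t size;
} ExplicitHdr;

/* Build-time check: the structure is exactly the sum of its declared fields. */
_Static_assert(sizeof(ExplicitHdr) == 1 + 3 + 4, "ExplicitHdr has implicit padding");
_Static_assert(offsetof(ExplicitHdr, size) == 4, "unexpected offset of 'size'");

/* Bytes of ImplicitHdr that belong to no field (platform-dependent). */
size_t implicit_padding_bytes(void)
{
    return sizeof(ImplicitHdr) - sizeof(uint8_t) - sizeof(uint32_t);
}

/* Encode the header byte by byte in little endian. Every output byte is
 * written explicitly, so no stale memory reaches the wire. */
size_t encode_hdr(uint8_t out[8], uint8_t type, uint32_t size)
{
    memset(out, 0, 8);                  /* padding bytes are defined as zero */
    out[0] = type;
    for (int i = 0; i < 4; i++)
        out[4 + i] = (uint8_t)(size >> (8 * i));
    return 8;
}

int main(void)
{
    uint8_t buf[8];
    encode_hdr(buf, 2, 0x01020304u);    /* constructed sample values */
    printf("implicit padding: %zu bytes; wire:", implicit_padding_bytes());
    for (int i = 0; i < 8; i++) printf(" %02x", buf[i]);
    printf("\n");
    return 0;
}
```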