> > > On 23 Feb 2018, at 11:11, Frediano Ziglio <fziglio@xxxxxxxxxx> wrote: > > > > Depending on how structures are initialised in the code is > > possible that implicit padding bytes are not initialised > > causing possible information leaks as the entire structure > > with all padding is sent through device/network. > > > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > > --- > > spice/stream-device.h | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/spice/stream-device.h b/spice/stream-device.h > > index 2e7c50e..b2f83b5 100644 > > --- a/spice/stream-device.h > > +++ b/spice/stream-device.h > > @@ -48,6 +48,8 @@ > > * containing integers up to 64 bit. > > * All numbers are in little endian format. > > * > > + * For security reasons structures should not contain implicit paddings. > > Acked-by: Christophe de Dinechin <dinechin@xxxxxxxxxx> > > > + * > > * The protocol can be defined by these states: > > * - Initial. Device just opened. Guest should wait > > * for a message from the host; I actually nack myself. "naturally aligned" already requires this so this is not adding much but only confusing, unless was an explanation for the terminology which indeed is not common. Frediano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel