On 01/03/2022 09:17, [email protected] wrote:
> From: Minghao Chi (CGEL ZTE) <[email protected]>
>
> Use memset to initialize structs to preventing infoleaks
> in nci_set_config
>
> Reported-by: Zeal Robot <[email protected]>
> Signed-off-by: Minghao Chi (CGEL ZTE) <[email protected]>
> ---
> net/nfc/nci/core.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
> index d2537383a3e8..32be42be1152 100644
> --- a/net/nfc/nci/core.c
> +++ b/net/nfc/nci/core.c
> @@ -641,6 +641,7 @@ int nci_set_config(struct nci_dev *ndev, __u8 id, size_t len, const __u8 *val)
> if (!val || !len)
> return 0;
>
> + memset(¶m, 0x0, sizeof(param));
> param.id = id;
> param.len = len;
> param.val = val;
The entire 'param' is overwritten in later code, so what could leak here?
Best regards,
Krzysztof
hello sir
I think this way: On 64-bit systems, struct nci_set_config_param has
an added padding of 7 bytes between struct members id and len. Even
though all struct members are initialized, the 7-byte hole will
contain data from the kernel stack.
thanks
Minghao