Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp3576037pxm; Tue, 1 Mar 2022 00:46:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJxZ4mahwuF4pDkz0i9VKZnbmUkYY3XH8GHs7h3R3H/YQsU1xdF+Yp4hr9aRyK/3A+p0DOHM X-Received: by 2002:a63:5d0a:0:b0:377:1ad7:5be1 with SMTP id r10-20020a635d0a000000b003771ad75be1mr16884366pgb.576.1646124412416; Tue, 01 Mar 2022 00:46:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646124412; cv=none; d=google.com; s=arc-20160816; b=EQwsSaHav3rXcUXTW2IPuR81c9GE94wTcyxQjE2OuCHwQ8Z0baCwQIg9lGCqB6EuM6 MYTxh1XnlXkcpN1R/vUdZO6QAkUoaWfYegK8+5fG5X8p1NOgO2N5uhjHPD/5NaGxNuu8 AFFqE256wTWSVUq5d5e3TfpJWhTOMuEzxiQat5QaNIhOz3x4FcxqTSLTPkolMtCbUQt7 CFx89tY8oL3FUJDZTrJoeLQT45GOiU3xjf88R8DwKp7S2Z8JacunP2ZH5vLFzj0S3cdi dbtmemgWN6j+iUxxWoepR8HfsMcI4F0/U9bHLuaGuNJl3vmfCuSzfbLDY6HRkLrZvh46 zPPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:references :cc:to:from:content-language:subject:user-agent:mime-version:date :message-id:dkim-signature; bh=UT1Wzz4wpktDA/wQ5edeBOYkNXdbIzJM75NIJS96iDU=; b=aOn/6Si9Mq8CxZa7I9XarOLJiKFK1D6ZhTBN8tqzjFJjnVL6BeVs6BCatAXKayg1/I 27CM4ML9CZ205mrYYL2p/hVtVx0C7krpg5J/ESOUFdmd7yS2CLNGs1wIptSRIA+j/CJE Z1Pe7Bilpu7H2jvMv496iypdeb8tDTqNj5JBISA8rPnAZSwU8OE3miEnDwYVQ5Rh9CXh sX72zgt80TbBPZhSqW3vKZBIAX8inYY28ys7m177NaeQEVSujqq+oYiHz0fkmQ6Imp+u 5OC5WYVtAITovx+YVGoUByAPxqUn4nkRFdHnMgNn+xF1OXSE5o0TWre/vRwtSyWk7mJn z6wA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b="sh/h1Hi+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 2-20020a631242000000b00378b8a9172esi4390244pgs.448.2022.03.01.00.46.37; Tue, 01 Mar 2022 00:46:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b="sh/h1Hi+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233417AbiCAIee (ORCPT + 99 others); Tue, 1 Mar 2022 03:34:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233398AbiCAIea (ORCPT ); Tue, 1 Mar 2022 03:34:30 -0500 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A07F928E14 for ; Tue, 1 Mar 2022 00:33:49 -0800 (PST) Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 65152407C6 for ; Tue, 1 Mar 2022 08:33:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1646123628; bh=UT1Wzz4wpktDA/wQ5edeBOYkNXdbIzJM75NIJS96iDU=; h=Message-ID:Date:MIME-Version:Subject:From:To:Cc:References: In-Reply-To:Content-Type; b=sh/h1Hi+4ppq/rrzJBBzGo+h8iwOrieah+AwF+Cn+smJOFrmXgrjPjKeyZS6cIYoI yV86CvKmw1E2joRhvZHpKWH3PP3QNVufMx+jUTQZrUDaQ4ZYTOHjoq8AygUtADymYt MHrCt1jeH7HcLZ06LOlsM+fM1N8Epl95n0fSvaCTiocG/zmMx0aF3VCXi90Sv1JnWW 6SzGF5H3Jj3yRSNOguatl4BxxHZOecXyhl00AVCW86EB3/ftafkmEwg4tA13evNU7K Ve48ve16M9qHDJxsAoNDwL/6i/Lqhm/nusDy53eeQ73IRkttEZaG4IrgJlLSkk3zHY mV2QnaWNCrvjA== Received: by mail-ej1-f71.google.com with SMTP id la22-20020a170907781600b006a7884de505so6484281ejc.7 for ; Tue, 01 Mar 2022 00:33:48 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:from:to:cc:references:in-reply-to :content-transfer-encoding; bh=UT1Wzz4wpktDA/wQ5edeBOYkNXdbIzJM75NIJS96iDU=; b=5irBmR40Lhs0yq4tn1HM6oMs2sU0pqwU7d0JhXh+hJ+iMXH9mBUhyRmS7siFxXJ3wM v7vlgqmzd1s7roqasJJFPhDMMIyi5QL0l+fqcHUXmyed3VIpEk7BBQkWzwpH8q7KPwwN B8Gt3413ng3tPcKrNgw+/dukMDsC0FJhSvSsoA+ug1fiBhVorN85G7uzbIE+VxtqELBv Kf/q7UJL5W40nGqgWPn0kUU9/B86IKRgWDlnNsNqDOZA7lEdXhZ/r6kBR5zAP2Rx35Pn DT0/6xvt0v/7AfmooPnlaA/f7tICq0//mEtBuQDdmaM3VesXgXG2nIhOknKFDmjl7Fge NJAw== X-Gm-Message-State: AOAM533mOwiZFh+25xOICjyItfVcAij+pzvy7nYMEqbFM0iVdMnGYdNe zCGw23CVZWX+tIAOZ5WWKw2OjNB0K2MPJWqHpReiz5e7tYuytGf7d99kBOFLkFXb04mksxPC7SC XJ2t91ABFZx16XWrcuWeewGwD1U36sGmNFzEmclqYdA== X-Received: by 2002:a50:fe14:0:b0:410:8621:6e0c with SMTP id f20-20020a50fe14000000b0041086216e0cmr22830643edt.356.1646123627831; Tue, 01 Mar 2022 00:33:47 -0800 (PST) X-Received: by 2002:a50:fe14:0:b0:410:8621:6e0c with SMTP id f20-20020a50fe14000000b0041086216e0cmr22830629edt.356.1646123627627; Tue, 01 Mar 2022 00:33:47 -0800 (PST) Received: from [192.168.0.135] (xdsl-188-155-181-108.adslplus.ch. [188.155.181.108]) by smtp.gmail.com with ESMTPSA id a21-20020a170906275500b006d10c07fabesm5100378ejd.201.2022.03.01.00.33.46 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 01 Mar 2022 00:33:47 -0800 (PST) Message-ID: <926ccc54-6388-37be-0064-df3fd3972da2@canonical.com> Date: Tue, 1 Mar 2022 09:33:46 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [PATCH] net/nfc/nci: use memset avoid infoleaks Content-Language: en-US From: Krzysztof Kozlowski To: cgel.zte@gmail.com Cc: davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Minghao Chi , Zeal Robot References: <20220301081750.2053246-1-chi.minghao@zte.com.cn> <664af071-badf-5cc9-c065-c702b0c8a13d@canonical.com> In-Reply-To: <664af071-badf-5cc9-c065-c702b0c8a13d@canonical.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/03/2022 09:20, Krzysztof Kozlowski wrote: > On 01/03/2022 09:17, cgel.zte@gmail.com wrote: >> From: Minghao Chi (CGEL ZTE) >> >> Use memset to initialize structs to preventing infoleaks >> in nci_set_config >> >> Reported-by: Zeal Robot One more thing. This report seems to be hidden, not public. Reported-by tag means someone reported something and you want to give credits for that. Using internal tool in a hidden, secret, non-public way does not fit open-source collaboration method. What is more: the email is invalid. "User unknown id" >> Signed-off-by: Minghao Chi (CGEL ZTE) >> --- >> net/nfc/nci/core.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c >> index d2537383a3e8..32be42be1152 100644 >> --- a/net/nfc/nci/core.c >> +++ b/net/nfc/nci/core.c >> @@ -641,6 +641,7 @@ int nci_set_config(struct nci_dev *ndev, __u8 id, size_t len, const __u8 *val) >> if (!val || !len) >> return 0; >> >> + memset(¶m, 0x0, sizeof(param)); >> param.id = id; >> param.len = len; >> param.val = val; > > The entire 'param' is overwritten in later code, so what could leak here? > > Best regards, > Krzysztof Best regards, Krzysztof