Message ID | 20200104054127.14108-1-laurent.pinchart@ideasonboard.com |
---|---|
State | Accepted |
Commit | a0c31b2ca39fdf06364553194ce725c4912265b3 |
Hi Laurent, Thanks for your patch. On 2020-01-04 07:41:27 +0200, Laurent Pinchart wrote: > IPCUnixSocket::send() sends a IPCUnixSocket::Header allocated on the > stack. All the fields of the header are initialized, but the padding > bytes are not. This results in random data being sent over the UNIX > socket, potentially leaking information. > > Fix this by initializing the whole header to 0. > > Fixes: 13dd7a01ecbe ("libcamera: ipc: unix: Add a IPC mechanism based on Unix sockets") > Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se> > --- > src/libcamera/ipc_unixsocket.cpp | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/libcamera/ipc_unixsocket.cpp b/src/libcamera/ipc_unixsocket.cpp > index def08eef00f8..eb1a50239188 100644 > --- a/src/libcamera/ipc_unixsocket.cpp > +++ b/src/libcamera/ipc_unixsocket.cpp > @@ -172,7 +172,7 @@ int IPCUnixSocket::send(const Payload &payload) > if (!isBound()) > return -ENOTCONN; > > - Header hdr; > + Header hdr = {}; > hdr.data = payload.data.size(); > hdr.fds = payload.fds.size(); > > -- > Regards, > > Laurent Pinchart
diff --git a/src/libcamera/ipc_unixsocket.cpp b/src/libcamera/ipc_unixsocket.cpp index def08eef00f8..eb1a50239188 100644 --- a/src/libcamera/ipc_unixsocket.cpp +++ b/src/libcamera/ipc_unixsocket.cpp @@ -172,7 +172,7 @@ int IPCUnixSocket::send(const Payload &payload) if (!isBound()) return -ENOTCONN; - Header hdr; + Header hdr = {}; hdr.data = payload.data.size(); hdr.fds = payload.fds.size();
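Review bot: `Header hdr = {};` carries no comment saying that the initializer is there to clear the padding bytes before the struct is written to the socket, so a later cleanup could drop it as redundant given that `hdr.data` and `hdr.fds` are both assigned right below; a one-line comment above the declaration would protect it. Also, if Header is an aggregate, the language does not guarantee that an empty-brace initializer clears padding (compilers usually do), so `memset(&hdr, 0, sizeof(hdr));` ahead of the two assignments would state the intent without relying on that.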
IPCUnixSocket::send() sends a IPCUnixSocket::Header allocated on the stack. All the fields of the header are initialized, but the padding bytes are not. This results in random data being sent over the UNIX socket, potentially leaking information.

Fix this by initializing the whole header to 0.

Fixes: 13dd7a01ecbe ("libcamera: ipc: unix: Add a IPC mechanism based on Unix sockets")
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
---
 src/libcamera/ipc_unixsocket.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
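The leak described in the commit message, modelled as an added example (not libcamera code). `DemoHeader` is an assumed layout, since the real Header definition is not shown on this page, and the 0xAA fill is a constructed stand-in for stale stack contents.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Assumed layout for illustration only; not the project's definition.
struct DemoHeader {
    uint32_t data;
    uint8_t fds;
};

// Bytes of the object that belong to no field and still go on the wire
// when the struct is written raw to a socket.
constexpr std::size_t kPaddingBytes =
    sizeof(DemoHeader) - sizeof(uint32_t) - sizeof(uint8_t);

constexpr unsigned char kStale = 0xAA; // constructed marker for old stack data

// Build the byte image that a raw write of the header would transmit.
// zeroFirst == false models field-by-field initialisation only;
// zeroFirst == true models clearing the whole object before filling it.
// Returns the number of stale bytes left in the trailing padding.
std::size_t staleBytesOnWire(uint32_t data, uint8_t fds, bool zeroFirst)
{
    unsigned char wire[sizeof(DemoHeader)];
    std::memset(wire, kStale, sizeof(wire));
    if (zeroFirst)
        std::memset(wire, 0, sizeof(wire));

    std::memcpy(wire + offsetof(DemoHeader, data), &data, sizeof(data));
    std::memcpy(wire + offsetof(DemoHeader, fds), &fds, sizeof(fds));

    std::size_t stale = 0;
    for (std::size_t i = offsetof(DemoHeader, fds) + sizeof(fds); i < sizeof(wire); i++)
        stale += (wire[i] == kStale);
    return stale;
}

int main()
{
    std::printf("padding bytes in header: %zu\n", kPaddingBytes);
    std::printf("stale bytes, fields only: %zu\n", staleBytesOnWire(16, 2, false));
    std::printf("stale bytes, zeroed first: %zu\n", staleBytesOnWire(16, 2, true));
    return 0;
}
```

With C++17, `static_assert(std::has_unique_object_representations_v<T>)` on any struct written raw to a socket catches padding at compile time.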