From patchwork Sat Jan  4 05:41:27 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
X-Patchwork-Id: 2512
Return-Path: <laurent.pinchart@ideasonboard.com>
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[213.167.242.64])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id CB39560461
	for <libcamera-devel@lists.libcamera.org>;
	Sat,  4 Jan 2020 06:41:41 +0100 (CET)
Received: from pendragon.bb.dnainternet.fi (81-175-216-236.bb.dnainternet.fi
	[81.175.216.236])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id 5668CA49
	for <libcamera-devel@lists.libcamera.org>;
	Sat,  4 Jan 2020 06:41:41 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1578116501;
	bh=yQxhwBj+sDOkUMgCDfmUn5e78RSog1dY8bjJh0ejB84=;
	h=From:To:Subject:Date:From;
	b=ZjR/zilcpHhpbgEJypNDH3T2ZfnMarqURNV2lPSWwtUgh3KXoKIY4vl5WKihogj3J
	VJ1/dro22IdLUaQf62dfOcNH0Gy7O+f4AG5ow3NiKfPAELcTZhQtLtLTSxKT0Ui39w
	nHEa2ObFPAJSnHmeQNLjMgMebdK+Ho0KxTaFiyqM=
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: libcamera-devel@lists.libcamera.org
Date: Sat,  4 Jan 2020 07:41:27 +0200
Message-Id: <20200104054127.14108-1-laurent.pinchart@ideasonboard.com>
X-Mailer: git-send-email 2.24.1
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH] libcamera: ipc_unixsocket: Don't send
	uninitialized bytes over the socket
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jan 2020 05:41:42 -0000

IPCUnixSocket::send() sends a IPCUnixSocket::Header allocated on the
stack. All the fields of the header are initialized, but the padding
bytes are not. This results in random data being sent over the UNIX
socket, potentially leaking information.

Fix this by initializing the whole header to 0.

Fixes: 13dd7a01ecbe ("libcamera: ipc: unix: Add a IPC mechanism based on Unix sockets")
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
---
 src/libcamera/ipc_unixsocket.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcamera/ipc_unixsocket.cpp b/src/libcamera/ipc_unixsocket.cpp
index def08eef00f8..eb1a50239188 100644
--- a/src/libcamera/ipc_unixsocket.cpp
+++ b/src/libcamera/ipc_unixsocket.cpp
@@ -172,7 +172,7 @@ int IPCUnixSocket::send(const Payload &payload)
 	if (!isBound())
 		return -ENOTCONN;
 
-	Header hdr;
+	Header hdr = {};
 	hdr.data = payload.data.size();
 	hdr.fds = payload.fds.size();