On Friday, 21 January 2022 16:34:50 CET Sven Eckelmann wrote:
> > @@ -260,6 +262,7 @@ int alfred_client_change_interface(struct globals
> > *globals) }
> > 
> > len = sizeof(change_interface);
> > +       memset(&change_interface, 0, len);
> > 
> > change_interface.header.type = ALFRED_CHANGE_INTERFACE;
> > change_interface.header.version = ALFRED_VERSION;\
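Review bot: the new memset clears the struct through `len`, which the line before it set from `sizeof(change_interface)`; passing `sizeof(change_interface)` directly (or zeroing the variable at its declaration with `= { 0 }`) keeps the clear tied to the object rather than to a length variable that is also used for other purposes. The placement before the `header.type` / `header.version` assignments is right, since a memset after them would wipe those fields again.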
> 
> Same here.
> 
> > @@ -308,6 +311,7 @@ int alfred_client_change_bat_iface(struct globals
> > *globals) }
> > 
> > len = sizeof(change_bat_iface);
> > +       memset(&change_bat_iface, 0, len);
> > 
> > change_bat_iface.header.type = ALFRED_CHANGE_BAT_IFACE;
> > change_bat_iface.header.version = ALFRED_VERSION;
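Review bot: the reason for zeroing `change_bat_iface` (the part of `bat_iface[IFNAMSIZ]` beyond the copied name would otherwise keep stale stack contents, as the reply below explains) is not in the hunk or, as far as visible here, in the commit message; state it there, otherwise the next reader sees a memset over a struct whose visible fields are all assigned and drops it as redundant. As in the previous hunk, `sizeof(change_bat_iface)` can be passed to memset directly instead of `len`.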
> 
> Same here.

The struct alfred_change_interface_v0 -> ifaces[IFNAMSIZ * 16] may be written 
to but not fully initialized. The interface name may be much shorter than the 
buffer holding it. The same applies to struct alfred_change_bat_iface_v0 -> 
bat_iface[IFNAMSIZ], but to a lesser extent because the buffer is smaller.

This patch is based on your earlier observation that stack data may be leaked 
due to the lack of (complete) initialization.

You are correct that the structs alfred_request_v0 & alfred_modeswitch_v0 
technically don't require initialization because all fields are set manually. 
I added those for completeness' sake, for the next person coming along copying 
& pasting the code (as I had done).

Kind regards,
Marek Lindner
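As an added illustration of the leak described in the reply above (example code, not alfred's own; the header layout, the constant values and the 0xAA "stale stack" filler are assumptions made for the demo): a message struct is first filled with a stand-in for whatever the stack held before, then built once without and once with the memset, and the bytes of ifaces[] after the name's terminator that still carry the old filler are counted.

```c
/* Added example, not alfred code. Struct layout and constants are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef IFNAMSIZ
#define IFNAMSIZ 16
#endif

#define ALFRED_VERSION 0          /* value assumed for the example */
#define ALFRED_CHANGE_INTERFACE 5 /* value assumed for the example */

struct alfred_tlv {               /* header layout assumed for the example */
	uint8_t type;
	uint8_t version;
	uint16_t length;
};

struct alfred_change_interface_v0 {
	struct alfred_tlv header;
	char ifaces[IFNAMSIZ * 16];
};

/* Fill the message the way a client change-interface request is built.
 * With zero_first == 0 only the bytes explicitly written change; everything
 * else keeps whatever the memory held before (on a real stack: stale data). */
static void build_change_interface(struct alfred_change_interface_v0 *msg,
				   const char *ifaces, int zero_first)
{
	size_t len = sizeof(*msg);

	if (zero_first)
		memset(msg, 0, len);

	msg->header.type = ALFRED_CHANGE_INTERFACE;
	msg->header.version = ALFRED_VERSION;
	msg->header.length = (uint16_t)(len - sizeof(msg->header));
	/* snprintf writes the name plus its NUL and nothing beyond it */
	snprintf(msg->ifaces, sizeof(msg->ifaces), "%s", ifaces);
}

/* Count bytes of ifaces[] after the terminating NUL that are not zero:
 * each of them would leave the process without ever having been set. */
static size_t stale_bytes_after_name(const struct alfred_change_interface_v0 *msg)
{
	size_t n = sizeof(msg->ifaces);
	size_t i = 0;
	size_t stale = 0;

	while (i < n && msg->ifaces[i] != '\0')
		i++;
	for (i = i + 1; i < n; i++)
		if (msg->ifaces[i] != 0)
			stale++;
	return stale;
}

/* Constructed stand-in for a stack slot that previously held other data:
 * 0xAA filler plays the role of the stale contents. */
size_t leaked_bytes(int zero_first)
{
	struct alfred_change_interface_v0 msg;

	memset(&msg, 0xAA, sizeof(msg));
	build_change_interface(&msg, "bat0", zero_first);
	return stale_bytes_after_name(&msg);
}

int main(void)
{
	printf("without memset: %zu stale bytes in ifaces[]\n", leaked_bytes(0));
	printf("with memset:    %zu stale bytes in ifaces[]\n", leaked_bytes(1));
	return 0;
}
```

The name "bat0" occupies five bytes of the 256-byte ifaces[] buffer, so without the memset the remaining 251 bytes go out exactly as the stack left them; with the memset they are zero. The same arithmetic applies to bat_iface[IFNAMSIZ], just with fewer bytes at stake.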
