Thanks for taking a look! And thanks for maintaining this library; it's very useful.
- Alan

On Fri, Aug 19, 2016 at 1:56 AM, Vasily Khoruzhick <[email protected]> wrote:
> Hi Alan,
>
> Thanks for your e-mail and patch.
>
> I expect it to be in worst case some re-used memory of libfprint, so
> it's not really a security leak, since the only sensitive information
> is saved to the disk. But I'll take your patch.
>
> Regards,
> Vasily
>
> On Thu, Aug 18, 2016 at 3:01 PM, Alan Davidson <[email protected]> wrote:
> > Hi libfprint folks -
> >
> > I was enrolling fingerprints and saving the data to files (using
> > fp_print_data_get_data), when I noticed that the data section for the
> > minutiae had interesting stuff in the unused parts. This is to say, the
> > xyt_struct (from bozorth.h) allocates space for 200 minutiae, and if I only
> > use 50 of them, the other 150 are still allocated and have stuff in them.
> > These values come from things that were previously allocated and deallocated
> > on the heap, and the data is still there because it wasn't zeroed out when
> > we re-allocated it.
> >
> > I think it should be zeroed out, to prevent leaking whatever used to be in
> > this memory. What do you think? It's a very easy change; see the commit at
> > [1], though I'm unclear how to transfer it to your repo. Without this
> > change, enrolled fingerprints saved to file on my computer have non-null
> > data in the unused minutiae, and with it, all the unused minutiae are full
> > of null bytes.
> >
> > A little more detail: this happens in fpi_img_to_print_data (in img.c), when
> > we create a new item to store the minutiae in xyt format. The data is later
> > copied wholesale into the output buffer in fp_print_data_get_data.
> >
> > Thanks for taking a look!
> >
> > - Alan
> >
> > [1] https://github.com/keyme/libfprint/commit/1b71aff9ea389c427f9f8bfaabf8aa0acde37269
> >
> > _______________________________________________
> > fprint mailing list
> > [email protected]
> > https://lists.freedesktop.org/mailman/listinfo/fprint
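The effect described in the thread, as an added example that is not libfprint's code and not part of the original messages: a fixed 200-slot record is filled with 50 entries and its unused slots are scanned for leftover bytes, with and without zeroing first. `struct demo_xyt` is a hypothetical stand-in for `xyt_struct`, and the `0xA5` fill is a constructed stand-in for stale heap contents so the result is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MINUTIAE 200  /* slot count stated in the thread */

/* Hypothetical stand-in for xyt_struct; the real layout lives in bozorth.h. */
struct demo_xyt {
    int nrows;  /* number of slots actually used */
    int xcol[MAX_MINUTIAE], ycol[MAX_MINUTIAE], thetacol[MAX_MINUTIAE];
};

/* Fill the first n slots; zero_first clears the whole record beforehand,
 * which is the fix proposed in the thread (same effect as calloc). */
static void fill_print(struct demo_xyt *p, int n, int zero_first) {
    if (zero_first)
        memset(p, 0, sizeof *p);
    p->nrows = n;
    for (int i = 0; i < n; i++) {
        p->xcol[i] = 10 + i;
        p->ycol[i] = 20 + i;
        p->thetacol[i] = i % 360;
    }
}

/* Check: count non-zero bytes in the unused slots (index >= nrows). */
static size_t residue_bytes(const struct demo_xyt *p) {
    const int *cols[3] = { p->xcol, p->ycol, p->thetacol };
    size_t len = (size_t)(MAX_MINUTIAE - p->nrows) * sizeof(int), count = 0;
    for (int c = 0; c < 3; c++) {
        const unsigned char *b = (const unsigned char *)(cols[c] + p->nrows);
        for (size_t i = 0; i < len; i++)
            count += (b[i] != 0);
    }
    return count;
}

/* Allocate a record whose memory already holds constructed "stale" bytes,
 * fill `used` slots, and report what a wholesale copy would carry along. */
static size_t simulate(int used, int zero_first) {
    struct demo_xyt *p = malloc(sizeof *p);
    if (!p) return (size_t)-1;
    memset(p, 0xA5, sizeof *p);  /* constructed stand-in for old heap data */
    fill_print(p, used, zero_first);
    size_t r = residue_bytes(p);
    free(p);
    return r;
}

int main(void) {
    printf("unzeroed: %zu stale bytes, zeroed: %zu stale bytes\n",
           simulate(50, 0), simulate(50, 1));
    return 0;
}
```

`residue_bytes` can also serve as a regression check on a saved record: any non-zero result means bytes outside the used slots were written to disk.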
