Depending on how structures are initialised in the code is
possible that implicit padding bytes are not initialised
causing possible information leaks as the entire structure
with all padding is sent through device/network.
Signed-off-by: Frediano Ziglio <fzig...@redhat.com>
spice/stream-device.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/spice/stream-device.h b/spice/stream-device.h
index 2e7c50e..b2f83b5 100644
@@ -48,6 +48,8 @@
* containing integers up to 64 bit.
* All numbers are in little endian format.
+ * For security reasons structures should not contain implicit paddings.
* The protocol can be defined by these states:
* - Initial. Device just opened. Guest should wait
* for a message from the host;
Spice-devel mailing list