> On 23 Feb 2018, at 11:11, Frediano Ziglio <fzig...@redhat.com> wrote:
> Depending on how structures are initialised in the code is
> possible that implicit padding bytes are not initialised
> causing possible information leaks as the entire structure
> with all padding is sent through device/network.
> Signed-off-by: Frediano Ziglio <fzig...@redhat.com>
> spice/stream-device.h | 2 ++
> 1 file changed, 2 insertions(+)
> diff --git a/spice/stream-device.h b/spice/stream-device.h
> index 2e7c50e..b2f83b5 100644
> --- a/spice/stream-device.h
> +++ b/spice/stream-device.h
> @@ -48,6 +48,8 @@
> * containing integers up to 64 bit.
> * All numbers are in little endian format.
> + * For security reasons structures should not contain implicit paddings.
Acked-by: Christophe de Dinechin <dinec...@redhat.com>
> + *
> * The protocol can be defined by these states:
> * - Initial. Device just opened. Guest should wait
> * for a message from the host;
> Spice-devel mailing list
Spice-devel mailing list