From: Marek Lindner <mareklindner@neomailbox.ch>
To: The list for a Better Approach To Mobile Ad-hoc Networking <b.a.t.m.a.n@lists.open-mesh.org>
Subject: Re: [PATCH 3/3] alfred: properly initialize stack buffer before sending over unix socket
Date: Sat, 22 Jan 2022 01:41:36 +0100
Message-ID: <3612372.8DyAAORe3b@rousseau>
In-Reply-To: <2782676.din1RKh0Nb@sven-l14>
On Friday, 21 January 2022 16:34:50 CET Sven Eckelmann wrote:
> > @@ -260,6 +262,7 @@ int alfred_client_change_interface(struct globals
> > *globals) }
> >
> > len = sizeof(change_interface);
> > + memset(&change_interface, 0, len);
> >
> > change_interface.header.type = ALFRED_CHANGE_INTERFACE;
> > change_interface.header.version = ALFRED_VERSION;\
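Review bot: the memset sits after `len = sizeof(change_interface);` and before the first header assignment, which is the correct ordering; zeroing after `change_interface.header.type` and `header.version` are set would wipe them again. Using memset rather than a `= { 0 }` initializer at the declaration is also the safer choice here, because an initializer is not guaranteed to clear padding bytes between members, and any such bytes would otherwise leave the process over the unix socket together with the unused tail of `ifaces`.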
>
> Same here.
>
> > @@ -308,6 +311,7 @@ int alfred_client_change_bat_iface(struct globals
> > *globals) }
> >
> > len = sizeof(change_bat_iface);
> > + memset(&change_bat_iface, 0, len);
> >
> > change_bat_iface.header.type = ALFRED_CHANGE_BAT_IFACE;
> > change_bat_iface.header.version = ALFRED_VERSION;
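Review bot: whether this memset is redundant depends on how `bat_iface` is filled later, which the hunk does not show: a padding copy such as strncpy with the full array size zeroes the tail of the array, while snprintf or a length-limited memcpy leaves it untouched. Since the copy is outside the visible context, the memset is the safe choice either way, and it additionally covers any padding between `header` and `bat_iface` that a member-wise copy would never touch.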
>
> Same here.
The struct alfred_change_interface_v0 -> ifaces[IFNAMSIZ * 16] may be written
to but not fully initialized. The interface name may be much shorter than the
buffer holding it. The same applies to struct alfred_change_bat_iface_v0 ->
bat_iface[IFNAMSIZ], but to a lesser extent because the buffer is smaller.
This patch is based on your earlier observation that stack data may be leaked
due to the lack of (complete) initialization.
You are correct that the structs alfred_request_v0 &
alfred_modeswitch_v0 technically don't require initialization because all
fields are set manually. I added those for completeness' sake for the next
person coming along copying & pasting the code (as I had done).
Kind regards,
Marek Lindner
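Added example, not part of the original message or of alfred's code: a small C program that shows the bug class the reply describes. It uses a constructed stand-in struct with the same shape as alfred_change_interface_v0 (a header followed by ifaces[IFNAMSIZ * 16]); the real alfred definition, its copy routine and the ALFRED_* constants are not reproduced, and the header type/version values are placeholders. Stale stack contents are simulated by filling the struct with a marker byte first, so the number of marker bytes left in the message is exactly the number of bytes that would go out on the socket without ever having been assigned. The name is copied with snprintf, which writes the name and its terminator and nothing more; a padding copy such as strncpy with the full array size would zero the array tail but still not the struct padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef IFNAMSIZ
#define IFNAMSIZ 16          /* Linux interface name buffer size */
#endif

/* Constructed stand-in for alfred's alfred_change_interface_v0: a small
 * header followed by the ifaces[IFNAMSIZ * 16] name buffer. It is not the
 * project's real definition, only a layout with the same shape. */
struct demo_header {
	uint8_t type;
	uint8_t version;
	uint16_t length;
};

struct demo_change_interface {
	struct demo_header header;
	char ifaces[IFNAMSIZ * 16];
};

/* Marker byte standing in for whatever the previous call left on the
 * stack. Every copy of it surviving in the message is a byte that would
 * reach the unix socket without this function ever having assigned it. */
#define STALE_BYTE 0xAA

static size_t count_stale_bytes(const struct demo_change_interface *msg)
{
	const unsigned char *p = (const unsigned char *)msg;
	size_t stale = 0;

	for (size_t i = 0; i < sizeof(*msg); i++)
		if (p[i] == STALE_BYTE)
			stale++;
	return stale;
}

/* Set the header fields and copy the name. snprintf writes the name plus
 * its NUL terminator and leaves the rest of ifaces untouched. Type and
 * version are placeholder values, not alfred's constants. */
static void fill_message(struct demo_change_interface *msg, const char *ifname)
{
	msg->header.type = 1;
	msg->header.version = 0;
	msg->header.length = (uint16_t)(sizeof(*msg) - sizeof(msg->header));
	snprintf(msg->ifaces, sizeof(msg->ifaces), "%s", ifname);
}

/* Pre-patch shape: header and name are set, the tail of ifaces is not. */
size_t stale_bytes_without_memset(const char *ifname)
{
	struct demo_change_interface msg;

	memset(&msg, STALE_BYTE, sizeof(msg)); /* simulate stale stack data */
	fill_message(&msg, ifname);
	return count_stale_bytes(&msg);
}

/* Patched shape: the whole struct is zeroed before any field is assigned. */
size_t stale_bytes_with_memset(const char *ifname)
{
	struct demo_change_interface msg;

	memset(&msg, STALE_BYTE, sizeof(msg)); /* simulate stale stack data */
	memset(&msg, 0, sizeof(msg));          /* the fix from the patch */
	fill_message(&msg, ifname);
	return count_stale_bytes(&msg);
}

int main(void)
{
	printf("without memset: %zu stale bytes would be sent\n",
	       stale_bytes_without_memset("eth0"));
	printf("with memset:    %zu stale bytes would be sent\n",
	       stale_bytes_with_memset("eth0"));
	return 0;
}
```

For a four-character name such as "eth0" the unpatched variant leaves all of the 256-byte ifaces buffer except the five written bytes carrying old stack contents, while the patched variant leaves none. The same count is what a defender would check when auditing other stack-allocated wire structs: every byte of the message that is not explicitly assigned before the send is a candidate for a memory disclosure.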
2022-01-12 21:02 alfred: allow startup without network interface Marek Lindner
2022-01-12 21:05 ` [PATCH 1/3] alfred: move interface check into helper function Marek Lindner
2022-01-12 21:05 ` [PATCH 2/3] alfred: Allow operating without any interface specified Marek Lindner
2022-01-12 21:05 ` [PATCH 3/3] alfred: properly initialize stack buffer before sending over unix socket Marek Lindner
2022-01-21 15:34 ` Sven Eckelmann
2022-01-22 0:41 ` Marek Lindner [this message]
2022-01-22 8:03 ` Sven Eckelmann
2022-01-22 13:06 ` Marek Lindner
2022-01-12 21:11 ` alfred: allow startup without network interface Marek Lindner