Re: [PATCH V2] net/nfc/nci: fix infoleak in struct nci_set_config_param

From: weiyongjun (A)
Date: Tue Mar 01 2022 - 23:13:22 EST



From: "Minghao Chi (CGEL ZTE)" <chi.minghao@xxxxxxxxxx>

On 64-bit systems, struct nci_set_config_param has
an added padding of 7 bytes between struct members
id and len. Even though all struct members are initialized,
the 7-byte hole will contain data from the kernel stack.
This patch zeroes out struct nci_set_config_param before
usage, preventing infoleaks to userspace.


How does this info leak to userspace?

nci_set_config_req() converts to use the packed 'struct nci_core_set_config_cmd'
to send data, which does not contain a hole.
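
A userspace C model of the two layouts discussed in this thread, added here as an illustration and not code from the patch or the kernel tree. The names `param_model`, `wire_model`, `MAX_VAL` and all function names are hypothetical, and the member layout beyond `id` and `len` is an assumption; the model shows the hole after `id` and that a member-by-member copy into a packed struct does not carry its contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_VAL 16  /* assumed bound for this model */
/* Model of the parameter struct: size_t alignment leaves a hole after id. */
struct param_model {
    uint8_t id;
    size_t len;
    const uint8_t *val;
};

/* Model of a packed command: members are adjacent, no padding. */
struct wire_model {
    uint8_t num_params, id, len;
    uint8_t val[MAX_VAL];
} __attribute__((packed));

/* Padding bytes between id (offset 0, one byte) and len. */
size_t hole_size(void) { return offsetof(struct param_model, len) - 1; }

/* Copy member by member into the packed form; returns bytes to send. */
size_t build_wire(const struct param_model *p, uint8_t *out, size_t out_sz)
{
    struct wire_model cmd = {0};
    if (p->len > MAX_VAL || 3 + p->len > out_sz)
        return 0;
    cmd.num_params = 1;
    cmd.id = p->id;
    cmd.len = (uint8_t)p->len;
    memcpy(cmd.val, p->val, p->len);
    memcpy(out, &cmd, 3 + p->len);  /* header plus value only */
    return 3 + p->len;
}

/* Poison p with 0xAA (stale-stack stand-in), set members, count 0xAA sent. */
int poison_on_wire(void)
{
    static const uint8_t value[2] = { 0x01, 0x02 };  /* constructed */
    struct param_model p;
    uint8_t out[8];
    int hits = 0;
    memset(&p, 0xAA, sizeof(p));
    p.id = 0x21; p.len = sizeof(value); p.val = value;
    for (size_t i = 0, n = build_wire(&p, out, sizeof(out)); i < n; i++)
        hits += (out[i] == 0xAA);
    return hits;
}

int main(void) { return poison_on_wire() != 0; }
```

A copy of the whole `param_model` object (for example a `memcpy` of `sizeof(struct param_model)` bytes) would include the hole, which is the case zero-initialization guards against.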