lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20160520.094515.288573467665398547.davem@davemloft.net>
Date:	Fri, 20 May 2016 09:45:15 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	vegard.nossum@...il.com
Cc:	jslaby@...e.cz, stable@...r.kernel.org,
	linux-kernel@...r.kernel.org, kangjielu@...il.com, kjlu@...ech.edu
Subject: Re: [PATCH 3.12 69/76] net: fix infoleak in rtnetlink

From: Vegard Nossum <vegard.nossum@...il.com>
Date: Fri, 20 May 2016 14:04:54 +0200

> Just out of curiosity, was this observed in practice? I could be
> wrong, but I was under the impression that using designated
> initializers would zero the rest of the struct, including padding.

I compiled testcases and found that the compiler does not zero out
padding when using designated initializers.

You can do the same.

For example, on sparc 32-bit, this code:

struct foo {
	int a;
	short b;
	int c;
};

extern void foo(struct foo *);

void bar(void)
{
	struct foo f = { .a = 1, .b = 2, .c = 3 };

	foo(&f);
}

gives:

	mov	1, %g1
	st	%g1, [%fp-12]
	mov	2, %g1
	sth	%g1, [%fp-8]
	mov	3, %g1
	st	%g1, [%fp-4]

It does not initialize the padding between 'b' and 'c'.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ