From bf34ac75d0d61609296de1300196c843f4246e7c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jonas=20=C3=85dahl?= Date: Wed, 10 Feb 2016 23:35:44 +0800 Subject: [PATCH] connection: Don't add uninitialized memory as 4 byte alignment padding MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit When we are adding padding bytes making our wl_buffer buffer content 4 byte aligned, we are just moving the pointer. Since the buffer is allocated using plain malloc(), this means our padding bytes are effectively uninitialized data, which could be anything previously allocated in the server process. As we'll be sharing this buffer content with arbitrary clients, we are effectively sharing private memory with every client, and even though a well behaving client will discard any such memory, a malicious client may not. Therefor, to avoid any potential missuse of the uninitialized padding memory shared between the server and client, initialize the buffer content to 0, making the padding bytes always 0. Signed-off-by: Jonas Ådahl Reviewed-by: Derek Foreman Reviewed-by: Pekka Paalanen Reviewed-by: Bryce Harrington --- src/connection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connection.c b/src/connection.c index 65b64e9..c0e322f 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1137,7 +1137,7 @@ wl_closure_send(struct wl_closure *closure, struct wl_connection *connection) return -1; buffer_size = buffer_size_for_closure(closure); - buffer = malloc(buffer_size * sizeof buffer[0]); + buffer = zalloc(buffer_size * sizeof buffer[0]); if (buffer == NULL) return -1; -- 2.7.4