On Friday, 21 January 2022 16:34:50 CET Sven Eckelmann wrote:
+262,7 @@ int alfred_client_change_interface(struct globals
len = sizeof(change_interface);
+ memset(&change_interface, 0, len);
change_interface.header.type = ALFRED_CHANGE_INTERFACE;
change_interface.header.version = ALFRED_VERSION;\
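Review bot: the memset added at the top of this hunk is correct but silent about why it is there; since the following lines only set the header fields and the ifaces buffer is filled later, a one-line comment at the memset such as `/* clear the whole struct so unused ifaces bytes are not sent */` would stop the next reader from removing it as redundant. `len` is sizeof(change_interface) on the line above, so `memset(&change_interface, 0, len)` does cover the entire struct; keeping the memset directly after the `len =` assignment, as done here, makes that dependency visible.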
@@ -308,6 +311,7 @@ int
len = sizeof(change_bat_iface);
+ memset(&change_bat_iface, 0, len);
change_bat_iface.header.type = ALFRED_CHANGE_BAT_IFACE;
change_bat_iface.header.version = ALFRED_VERSION;
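Review bot: same fix applied consistently for change_bat_iface, which is right even though bat_iface[IFNAMSIZ] is smaller, because the whole struct is still written out and any byte after the copied name would otherwise carry stale stack contents. As with the first hunk, a short comment at the memset (or a sentence in the commit message) naming the uninitialized-bytes leak would document the intent; nothing else in the visible lines explains it.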
The struct alfred_change_interface_v0 -> ifaces[IFNAMSIZ * 16] may be written
to but not fully initialized. The interface name may be much shorter than the
buffer holding it. The same applies to struct alfred_change_bat_iface_v0 ->
bat_iface[IFNAMSIZ], but to a lesser extent because the buffer is smaller.

This patch is based on your earlier observation that stack data may be leaked
due to the lack of (complete) initialization.

You are correct that the structs struct alfred_request_v0 &
alfred_modeswitch_v0 technically don't require initialization because all
fields are set manually. I added those for completeness' sake for the next
person coming along copy & pasting the code (as I had done).
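The leak described in the mail, as an added example that is not alfred's code: a hypothetical struct with the same shape (small header plus a 16 * IFNAMSIZ byte name buffer) is pre-filled with a sentinel so that stale stack contents are reproducible, built with and without the memset from the patch, and then scanned for bytes the builder never wrote. The struct, field names and IFNAMSIZ value are assumptions for this example only.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IFNAMSIZ   16   /* same value as <net/if.h>; redefined to stay self-contained */
#define MAX_IFACES 16
#define STALE      0xAA /* sentinel standing in for whatever the previous stack frame left */

/* Hypothetical stand-in for alfred's change-interface message: a small header
 * followed by a buffer that normally holds far fewer bytes than its capacity. */
struct change_iface_msg {
    uint8_t type;
    uint8_t version;
    char ifaces[IFNAMSIZ * MAX_IFACES];
};

/* Copy one interface name into the buffer, always NUL-terminated; this writes
 * exactly IFNAMSIZ bytes, so everything after them is untouched. */
static void set_iface_name(struct change_iface_msg *msg, const char *name)
{
    strncpy(msg->ifaces, name, IFNAMSIZ - 1);
    msg->ifaces[IFNAMSIZ - 1] = '\0';
}

/* Count bytes of the struct, as it would go over the socket, that still hold
 * the STALE sentinel, i.e. bytes the builder never wrote. */
static size_t count_stale_bytes(const struct change_iface_msg *msg)
{
    const uint8_t *p = (const uint8_t *)msg;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*msg); i++)
        n += (p[i] == STALE);
    return n;
}

/* Build the message on the stack; zero_first selects the pre-patch (0) or
 * patched (1) behaviour. Returns how many stale bytes the message still holds. */
size_t stale_bytes_after_build(const char *name, int zero_first)
{
    struct change_iface_msg msg;
    memset(&msg, STALE, sizeof(msg));   /* simulate stale stack contents */
    if (zero_first)
        memset(&msg, 0, sizeof(msg));   /* the fix from the patch */
    msg.type = 1;
    msg.version = 0;
    set_iface_name(&msg, name);
    return count_stale_bytes(&msg);
}
```

With a 258-byte message and a short name, the unpatched build leaves 240 bytes of stale data in the outgoing message; with the memset, none.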