Without explicitly initializing the buffer with null bytes, the stack variables may contain process information which may be leaked when transmitted via unix socket. Also, the size of the variables sitting on the stack can be reduced.
Signed-off-by: Marek Lindner mareklindner@neomailbox.ch
---
 client.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/client.c b/client.c
index b5d8943..cf15ff4 100644
--- a/client.c
+++ b/client.c
@@ -35,6 +35,7 @@ int alfred_client_request_data(struct globals *globals)
 return -1;
len = sizeof(request);
+ memset(&request, 0, len);
request.header.type = ALFRED_REQUEST;
 request.header.version = ALFRED_VERSION;
@@ -184,6 +185,7 @@ int alfred_client_modeswitch(struct globals *globals)
 return -1;
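Review bot: The added `memset(&request, 0, len);` carries no comment explaining why it is needed, and because the header fields are assigned right after it, a later cleanup could drop it as redundant or replace it with `= {0}`, which does not guarantee that padding bytes are cleared. I would put `/* clear padding and unset fields: the whole struct is sent over the unix socket */` above the call here and above the matching calls in alfred_client_modeswitch, alfred_client_change_interface and alfred_client_change_bat_iface. The description also says the stack variables can be made smaller, but none of the four hunks changes a declaration, so either the message or the patch looks incomplete. All four function bodies start and end outside their hunks, so the declarations and the actual send call cannot be checked from here.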
len = sizeof(modeswitch);
+ memset(&modeswitch, 0, len);
modeswitch.header.type = ALFRED_MODESWITCH;
 modeswitch.header.version = ALFRED_VERSION;
@@ -260,6 +262,7 @@ int alfred_client_change_interface(struct globals *globals)
 }
len = sizeof(change_interface);
+ memset(&change_interface, 0, len);
change_interface.header.type = ALFRED_CHANGE_INTERFACE;
 change_interface.header.version = ALFRED_VERSION;
@@ -308,6 +311,7 @@ int alfred_client_change_bat_iface(struct globals *globals)
 }
len = sizeof(change_bat_iface);
+ memset(&change_bat_iface, 0, len);
change_bat_iface.header.type = ALFRED_CHANGE_BAT_IFACE;
 change_bat_iface.header.version = ALFRED_VERSION;