[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Dec 2010 18:58:07 +0000 (UTC)
From: Bhadrinath <bitstrat@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Interesting behavior with struct initiailization
One solution that could ensure no padding bits are copied uninitialized,
*******************************************************************************
struct test{ int a; char b; int c;};
// Let arg be the one to be copied into user space
struct test arg = { .a = 1, .b = 2, .c = 3 };
// Create an equivalent structure
struct test argC;
.
.
.
// Do all the operations on arg and just before passing it to the function
// clear the argC to zero
memset_s(&argC, 0,sizeof argC);
// Now copy the contents of arg into argC one by one
memcpy(&argC.a,&arg.a,sizeof arg.a);
memcpy(&argC.b,&arg.b,sizeof arg.b);
memcpy(&argC.c,&arg.c,sizeof arg.c);
//This ensures that no uninitialized padding bits are passed to the user space
copy_to_user(ptr,&argC,sizeof argC);
*******************************************************************************
Comments and other ideas are welcome.
Regards
Bhadrinath
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
