|
From: | Philippe Mathieu-Daudé |
Subject: | Re: [PATCH] virtiofsd: fix libfuse information leaks |
Date: | Fri, 22 Nov 2019 13:59:44 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1 |
On 11/22/19 12:31 PM, Stefan Hajnoczi wrote:
Some FUSE message replies contain padding fields that are not initialized by libfuse. This is fine in traditional FUSE applications because the kernel is trusted. virtiofsd does not trust the guest and must not expose uninitialized memory. Use C struct initializers to automatically zero out memory. Not all of these code changes are strictly necessary but they will prevent future information leaks if the structs are extended. Signed-off-by: Stefan Hajnoczi <address@hidden>
Nice cleanup. Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
[Prev in Thread] | Current Thread | [Next in Thread] |