[U-Boot] [PATCH] cmd_sf: Fix problem with "sf update" and unaligned length
Wolfgang Denk
wd at denx.de
Mon Jan 12 22:10:34 CET 2015
Dear Stefan,
In message <54B37759.7040801 at denx.de> you wrote:
>
> > Should we add a memset(buf, 0, sizeof(buf)) before the memcpy() to
> > prevent information from earlier activities to leak?
>
> "buf" points to the new data to be written into the flash. We're
> overwriting the first "len" bytes of "cmp_buf" with this data.
Oh, sorry for the mixup. Then cmp_buf should be cleared (or at elast
the remaining, unused part).
> I don't see why we should erase anything there. Perhaps I'm missing
> something though.
You are leaking data. This could contain "interesting" information;
see the OpenSSL “Heartbleed” vulnerability for a (nasty) example what
information leakage can do.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Very ugly or very beautiful women should be flattered on their
understanding, and mediocre ones on their beauty.
-- Philip Earl of Chesterfield
More information about the U-Boot
mailing list