...
When passing a pointer to a structure across a trust boundary to a different trusted domain, programmers must ensure that the padding bytes of these structures do not contain sensitive information.
Noncompliant Code Example
This noncompliant code example runs in kernel space and copies data from struct test to user space. However, padding bytes may be used within the structure, for example, to ensure the proper alignment of the structure members. These padding bytes may contain sensitive information, which may then be leaked when the data is copied to user space.
```c
#include <stddef.h>

struct test {
  int a;
  char b;
  int c;
};

/* Safely copy bytes to user space */
extern int copy_to_user(void *dest, void *src, size_t size);

void do_stuff(void *usr_buf) {
  struct test arg = {.a = 1, .b = 2, .c = 3};
  /* sizeof(arg) covers the padding bytes as well as the members */
  copy_to_user(usr_buf, &arg, sizeof(arg));
}
```
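To see which bytes of `struct test` are at risk, the following added example (not part of the original rule text) maps the padding with `offsetof` and counts how many stale bytes a `sizeof(struct test)` copy would carry. The names `padding_map`, `stale_bytes_copied` and the `0xAA` marker are assumptions for illustration, and member stores are modeled with `memcpy` because the C standard leaves padding contents unspecified after a real member store.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct test {
  int a;
  char b;
  int c;
};

#define STALE 0xAA /* constructed marker standing in for leftover stack data */

/* Mark each byte of struct test that belongs to no member; return the count. */
size_t padding_map(unsigned char is_pad[sizeof(struct test)]) {
  size_t i, n = 0;
  memset(is_pad, 1, sizeof(struct test));
  memset(is_pad + offsetof(struct test, a), 0, sizeof(int));
  memset(is_pad + offsetof(struct test, b), 0, sizeof(char));
  memset(is_pad + offsetof(struct test, c), 0, sizeof(int));
  for (i = 0; i < sizeof(struct test); i++) n += is_pad[i];
  return n;
}

/* Model the stores to a, b and c over stale storage, then count the
   stale bytes that a copy of sizeof(struct test) bytes would include. */
size_t stale_bytes_copied(void) {
  unsigned char image[sizeof(struct test)], is_pad[sizeof(struct test)];
  int a = 1, c = 3;
  char b = 2;
  size_t i, leaked = 0;

  memset(image, STALE, sizeof(image)); /* storage not yet initialized */
  memcpy(image + offsetof(struct test, a), &a, sizeof(a));
  memcpy(image + offsetof(struct test, b), &b, sizeof(b));
  memcpy(image + offsetof(struct test, c), &c, sizeof(c));

  padding_map(is_pad);
  for (i = 0; i < sizeof(image); i++)
    if (is_pad[i] && image[i] == STALE) leaked++;
  return leaked;
}

int main(void) {
  unsigned char is_pad[sizeof(struct test)];
  printf("sizeof=%zu padding=%zu stale bytes copied=%zu\n",
         sizeof(struct test), padding_map(is_pad), stale_bytes_copied());
  return 0;
}
```

The padding count depends on the platform's alignment rules, so the same audit should be rerun for each target ABI.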
Noncompliant Code Example (memset())
The padding bytes can be explicitly initialized by calling memset():
...