...
```c
struct test {
  int a;
  char b;
  int c;
};
// ...
struct test arg;
// Initialize arg using memset_s so that the padding bytes are initialized
// (C11 Annex K signature: destination, destination size, value, count)
memset_s(&arg, sizeof arg, 0, sizeof arg);
// ...
// perform operations on arg; storing to a member may leave the padding
// bytes with unspecified values (C11 6.2.6.1 paragraph 6)
arg.a = 1;
arg.b = 2;
// ...
// copy arg to user space
copy_to_user(ptr, &arg, sizeof(arg));
```
...
So the example above can still leak data with some compilers: the C Standard allows the stores to `arg.a` and `arg.b` that follow the `memset_s()` call to leave the padding bytes with unspecified values.
Compliant Solution 1 (Structure Packing - GCC)
GCC allows specifying attributes of variables and structures using the keyword `__attribute__((packed))`.
This means that GCC will not add any padding bytes (for memory alignment) and places the variables or fields immediately next to each other.
...
This compliant solution uses an array of structures rather than an array of pointers. That way, an actual copy of each int_struct (rather than a pointer to the object) is stored.
```c
struct test {
  int a;
  char b;
  int c;
} __attribute__((__packed__));
// ...
struct test arg = {.a = 1, .b = 2, .c = 3};
// ...
// perform operation on arg
// ...
// Copy arg to user space
copy_to_user(ptr, &arg, sizeof(arg));
```
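To make the padding concrete, here is an added example that is not code from the CERT page. It compiles with GCC or Clang and compares `sizeof` for the packed and unpacked `struct test`, counts the bytes that member stores never touch in the unpacked layout, and shows a member-by-member serialization that avoids the whole-struct copy entirely (that portable alternative is this example's own assumption, not one of the page's solutions). The names `test_packed`, `test_padding_bytes`, `surviving_marker_bytes` and `test_serialize` are introduced here and do not come from the page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout from the noncompliant example: on common ABIs the compiler inserts
 * three padding bytes after b so that c stays 4-byte aligned. */
struct test {
    int a;
    char b;
    int c;
};

/* The same members packed with the GCC/Clang attribute: no padding at all. */
struct test_packed {
    int a;
    char b;
    int c;
} __attribute__((__packed__));

/* Bytes of struct test that belong to no member, i.e. the padding that a
 * whole-struct copy such as copy_to_user() would hand to the caller. */
size_t test_padding_bytes(void)
{
    size_t member_bytes = sizeof(int) + sizeof(char) + sizeof(int);
    return sizeof(struct test) - member_bytes;
}

/* Fill the storage of an unpacked struct with a marker, assign every member,
 * then count marker bytes that survived: those are the bytes the member
 * stores never touched. C11 6.2.6.1p6 makes their value unspecified, so this
 * demonstrates what common compilers do; it is not a guarantee. */
size_t surviving_marker_bytes(void)
{
    struct test arg;
    memset(&arg, 0xAA, sizeof arg);
    arg.a = 1;
    arg.b = 2;
    arg.c = 3;

    const unsigned char *bytes = (const unsigned char *)&arg;
    size_t survivors = 0;
    for (size_t i = 0; i < sizeof arg; i++) {
        if (bytes[i] == 0xAA) {
            survivors++;
        }
    }
    return survivors;
}

/* Portable alternative (an assumption of this example, not a solution given on
 * the page): serialize member by member into a caller-supplied buffer so the
 * buffer never contains padding, whatever layout the compiler chose.
 * Returns the number of bytes written, or 0 if out_len is too small. */
size_t test_serialize(const struct test *src, unsigned char *out, size_t out_len)
{
    size_t needed = sizeof src->a + sizeof src->b + sizeof src->c;
    if (src == NULL || out == NULL || out_len < needed) {
        return 0;
    }
    unsigned char *p = out;
    memcpy(p, &src->a, sizeof src->a);
    p += sizeof src->a;
    memcpy(p, &src->b, sizeof src->b);
    p += sizeof src->b;
    memcpy(p, &src->c, sizeof src->c);
    return needed;
}

int main(void)
{
    unsigned char buf[sizeof(struct test)];
    struct test arg = { .a = 1, .b = 2, .c = 3 };

    printf("sizeof(struct test)        = %zu\n", sizeof(struct test));
    printf("sizeof(struct test_packed) = %zu\n", sizeof(struct test_packed));
    printf("padding bytes in struct test: %zu\n", test_padding_bytes());
    printf("marker bytes surviving member stores: %zu\n", surviving_marker_bytes());
    printf("serialized length: %zu\n", test_serialize(&arg, buf, sizeof buf));
    return 0;
}
```

The packed struct occupies exactly 9 bytes, so a whole-struct copy of it carries only member bytes; the serializer gives the same 9-byte result for the unpacked struct without relying on a compiler extension, at the cost of one explicit copy per member.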
Compliant Solution 2 (Structure Packing - MSVC)
For MSVC, use `#pragma pack(1)` instead of the `__attribute__((packed))` attribute to ensure that no padding bytes are added.
...
pack takes effect at the first struct, union, or class declaration after the pragma is seen. The alignment of a member will be on a boundary that is a multiple of 1 byte.
...
This ensures that no uninitialized padding bytes are copied to unprivileged users.
Risk Assessment

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL39-C | Low | Unlikely | Medium | P2 | L3 |