12 Jan
2015
12 Jan
'15
10:10 p.m.
Dear Stefan,
In message 54B37759.7040801@denx.de you wrote:
Should we add a memset(buf, 0, sizeof(buf)) before the memcpy() to prevent information from earlier activities to leak?
"buf" points to the new data to be written into the flash. We're overwriting the first "len" bytes of "cmp_buf" with this data.
Oh, sorry for the mixup. Then cmp_buf should be cleared (or at elast the remaining, unused part).
I don't see why we should erase anything there. Perhaps I'm missing something though.
You are leaking data. This could contain "interesting" information; see the OpenSSL “Heartbleed” vulnerability for a (nasty) example what information leakage can do.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
Very ugly or very beautiful women should be flattered on their
understanding, and mediocre ones on their beauty.
-- Philip Earl of Chesterfield