Zepp-Hanzj opened a new pull request, #19419:
URL: https://github.com/apache/nuttx/pull/19419

   ## Summary
   
   Fix security issue where uninitialized kernel stack contents could be leaked 
to userspace when `mfrc522_picc_select()` fails.
   
   In `mfrc522_read()`, the local variable `uid` was not initialized before 
being passed to `mfrc522_picc_select()`. If the function fails (e.g., due to 
bad data on the SPI bus), the uninitialized `uid.sak` value could pass the 
`PICC_TYPE_NOT_COMPLETE` check, causing `snprintf()` to copy uninitialized 
kernel stack data to the userspace buffer.
   
   Fixes #19417
   
   ## Impact
   
   - [x] Security fix: prevents kernel stack information leak to userspace
   - [x] No functional changes for normal operation
   - [x] Properly propagates error codes from `mfrc522_picc_select()`
   
   ## Testing
   
   - Verified by code inspection against master
   - checkpatch passes
   - Builds successfully with sim:nsh + CONFIG_CL_MFRC522=y
   
   Signed-off-by: hanzhijian <[email protected]>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to