On Sun, 2013-08-25 at 17:41 +0100, Alexander Graf wrote: > > While I don't think any harm could happen from it, this could lead to > a potential timing attack where we read and write from different > locations in memory if the guest swizzles the request while we're > processing it. > > It's certainly better style (read: makes it easier to prove this > doesn't happen when it really is important) to read the variables into > local variables and reuse them there. In this case it mostly helps > readability to make sure here and below are the same variables.
Ugh... It's not better style at all, it's also less efficient and the "attack" you talk about doesn't exist... All the guest can do is shoot itself in the foot. Ben.
