Dear Stefan,

In message <54b37759.7040...@denx.de> you wrote:
> 
> > Should we add a  memset(buf, 0, sizeof(buf))  before the memcpy() to
> > prevent information from earlier activities to leak?
> 
> "buf" points to the new data to be written into the flash. We're 
> overwriting the first "len" bytes of "cmp_buf" with this data.

Oh, sorry for the mixup.  Then cmp_buf should be cleared (or at least
the remaining, unused part).

> I don't see why we should erase anything there. Perhaps I'm missing 
> something though.

You are leaking data.  This could contain "interesting" information;
see the OpenSSL “Heartbleed” vulnerability for a (nasty) example of what
information leakage can do.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Very ugly or very beautiful women should be flattered on their
understanding, and mediocre ones on their beauty.
                                       -- Philip Earl of Chesterfield
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
