Initialize the recovery message
ISSUE:
There are uninitialized memory buffers when processing fastboot commands,
causing information disclosure that leads to a general bypass of a defense-
in-depth or exploit-mitigation technology in a privileged process, the TCB
or the TEE.
This patch initializes each allocation of struct recovery_message to 0.
FPIIM-2015
Change-Id: I168ac218e0c75336f2aab51df00955035f3cf162
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 183f9a4..1c8b989 100755
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -2303,6 +2303,7 @@
void cmd_oem_lock(const char *arg, void *data, unsigned sz)
{
struct recovery_message msg;
+ memset(&msg, 0, sizeof(msg));
if(device.is_unlocked)
{
device.is_unlocked = 0;
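Review bot: The added `memset(&msg, 0, sizeof(msg));` deserves a one-line comment saying why a full memset is used rather than `= {0}`: the struct is presumably written out to storage whole (the second hunk passes it to `write_misc(0, &msg, sizeof(msg))`), so any padding bytes must be cleared too, and C does not guarantee that `= {0}` zeroes padding. Suggested comment above the memset: `/* Clear the whole object, padding included, before it leaves the process. */`. The same change is made in the second hunk at line 2325 and would carry the same comment. The body of cmd_oem_lock continues outside this hunk, so whether its `msg` reaches a write call is inferred from the second hunk rather than visible here.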
@@ -2324,6 +2325,7 @@
device.is_unlocked = 1;
write_device_info(&device);
struct recovery_message msg;
+ memset(&msg, 0, sizeof(msg));
snprintf(msg.recovery, sizeof(msg.recovery), "recovery\n--wipe_data");
write_misc(0, &msg, sizeof(msg));