app: aboot: zero out extra bits, while update misc partition. Zeored out extra bits while updating misc parition. Issue: SEC-2021 Change-Id: I9f57a78b00360b7ee464cd0c76540de8d9784555 (cherry picked from commit 0d06ad00c8d6630cd90016226c7d68eedb5a1132)

commit: 5eaafbd775cb62e76dea3c2b803f8a517cb090c5 [log] [tgz]
author: Mayank Grover <groverm@codeaurora.org> Tue Oct 24 12:27:53 2017 +0530
committer: Karsten Tausche <karsten@fairphone.com> Mon Oct 28 12:31:07 2019 +0100
tree: 68e479cad3b076dbaa2befc5fd781cb14ec07e65
parent: 7fb13416720c8fc0f9766b9f247819b34938b92b [diff]
diff --git a/app/aboot/recovery.c b/app/aboot/recovery.c
index 817a6be..9312095 100644
--- a/app/aboot/recovery.c
+++ b/app/aboot/recovery.c

@@ -562,6 +562,11 @@
 			return -1;
 		}
 
+		/* This will ensure, we zeored out any extra bytes
+		   we will push to emmc, to prevent information leak */
+		if (aligned_size > size)
+			memset((scratch_addr + size), 0, (aligned_size-size));
+
 		if (scratch_addr != buf)
 			memcpy(scratch_addr, buf, size);
 		if (mmc_write(ptn + offset, aligned_size, (unsigned int *)scratch_addr))
@@ -599,8 +604,14 @@
 			return -1;
 		}
 
+		/* This will ensure, we zeored out any extra bytes
+		   we will push, to prevent information leak */
+		if (aligned_size > size)
+			memset((scratch_addr + size), 0, (aligned_size-size));
+
 		if (scratch_addr != buf)
 			memcpy(scratch_addr, buf, size);
+
 		if (flash_write(ptn, offset, scratch_addr, aligned_size)) {
 			dprintf(CRITICAL, "Writing flash failed\n");
 			return -1;
commit	5eaafbd775cb62e76dea3c2b803f8a517cb090c5	[log] [tgz]
author	Mayank Grover <groverm@codeaurora.org>	Tue Oct 24 12:27:53 2017 +0530
committer	Karsten Tausche <karsten@fairphone.com>	Mon Oct 28 12:31:07 2019 +0100
tree	68e479cad3b076dbaa2befc5fd781cb14ec07e65
parent	7fb13416720c8fc0f9766b9f247819b34938b92b [diff]