[PATCH] fix infoleak in wilc_wfi_cfgoperations

From: Kangjie Lu
Date: Tue May 03 2016 - 21:33:20 EST

Next message: Peter Pan: "Re: [PATCH 02/11] mtd: nand_bbt: introduce BBT related data structure"
Previous message: Andrew Lunn: "Re: [PATCH 02/12] eeprom: at24: remove nvmem regmap dependency"
In reply to: Greg KH: "Re: [PATCH] fix infoleak in wilc_wfi_cfgoperations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"mac" is an array allocated in stack without being initialized,
and will be sent out via "nla_put". The dump_station() is supposed
to initialize the mac address; otherwise, sensitive data in kernel
stack will be leaked. To fix this, copy the mac address to it.

Signed-off-by: Kangjie Lu <kjlu@xxxxxxxxxx>
---
drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
index 448a5c8..c6e71d9 100644
--- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
+++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
@@ -1797,6 +1797,7 @@ static int dump_station(struct wiphy *wiphy, struct net_device *dev,

wilc_get_rssi(vif, &sinfo->signal);

+ memcpy(mac, priv->au8AssociatedBss, ETH_ALEN);
return 0;
}

--
1.9.1

Next message: Peter Pan: "Re: [PATCH 02/11] mtd: nand_bbt: introduce BBT related data structure"
Previous message: Andrew Lunn: "Re: [PATCH 02/12] eeprom: at24: remove nvmem regmap dependency"
In reply to: Greg KH: "Re: [PATCH] fix infoleak in wilc_wfi_cfgoperations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]