Re: [PATCH] fix infoleak in wilc_wfi_cfgoperations

From: Greg KH
Date: Tue May 03 2016 - 19:06:34 EST


On Tue, May 03, 2016 at 06:17:28PM -0400, Kangjie Lu wrote:
> "mac" is an array allocated in stack without being initialized,
> and will be sent out via "nla_put". The dump_station() is supposed
> to initialize the mac address; otherwise, sensitive data in kernel
> stack will be leaked. To fix this, initialize it with memset or
> fill it with meaningful mac address.

"or"? You just set it to zero, why not fix this correctly and put the
real address here?

thanks,

greg k-h