Re: [PATCH] fix infoleak in wilc_wfi_cfgoperations

From: Greg KH
Date: Tue May 03 2016 - 19:06:34 EST

Next message: Jarno Rajahalme: "[PATCH net v3 1/2] udp_tunnel: Remove redundant udp_tunnel_gro_complete()."
Previous message: Greg KH: "Re: [PATCH] fix infoleak in ioctl_cfg80211"
In reply to: Kangjie Lu: "[PATCH] fix infoleak in wilc_wfi_cfgoperations"
Next in thread: Kangjie Lu: "[PATCH] fix infoleak in wilc_wfi_cfgoperations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 03, 2016 at 06:17:28PM -0400, Kangjie Lu wrote:
> "mac" is an array allocated in stack without being initialized,
> and will be sent out via "nla_put". The dump_station() is supposed
> to initialize the mac address; otherwise, sensitive data in kernel
> stack will be leaked. To fix this, initialize it with memset or
> fill it with meaningful mac address.

"or"? You just set it to zero, why not fix this correctly and put the
real address here?

thanks,

greg k-h

Next message: Jarno Rajahalme: "[PATCH net v3 1/2] udp_tunnel: Remove redundant udp_tunnel_gro_complete()."
Previous message: Greg KH: "Re: [PATCH] fix infoleak in ioctl_cfg80211"
In reply to: Kangjie Lu: "[PATCH] fix infoleak in wilc_wfi_cfgoperations"
Next in thread: Kangjie Lu: "[PATCH] fix infoleak in wilc_wfi_cfgoperations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]