[PATCH] fix infoleak in wilc_wfi_cfgoperations

From: Kangjie Lu
Date: Tue May 03 2016 - 21:33:20 EST


"mac" is an array allocated in stack without being initialized,
and will be sent out via "nla_put". The dump_station() is supposed
to initialize the mac address; otherwise, sensitive data in kernel
stack will be leaked. To fix this, copy the mac address to it.

Signed-off-by: Kangjie Lu <kjlu@xxxxxxxxxx>
---
drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
index 448a5c8..c6e71d9 100644
--- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
+++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
@@ -1797,6 +1797,7 @@ static int dump_station(struct wiphy *wiphy, struct net_device *dev,

wilc_get_rssi(vif, &sinfo->signal);

+ memcpy(mac, priv->au8AssociatedBss, ETH_ALEN);
return 0;
}

--
1.9.1