lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Aug 2010 11:03:03 -0700 From: Kees Cook <kees.cook@...onical.com> To: Johannes Berg <johannes@...solutions.net> Cc: "John W. Linville" <linville@...driver.com>, linux-kernel@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <eric.dumazet@...il.com>, Joe Perches <joe@...ches.com>, Tejun Heo <tj@...nel.org>, linux-wireless@...r.kernel.org, netdev@...r.kernel.org, Jean Tourrilhes <jt@....hp.com> Subject: Re: [PATCH] wireless extensions: fix kernel heap content leak Hi Johannes, On Mon, Aug 30, 2010 at 12:24:54PM +0200, Johannes Berg wrote: > --- wireless-testing.orig/net/wireless/wext-compat.c 2010-08-30 12:04:57.000000000 +0200 > +++ wireless-testing/net/wireless/wext-compat.c 2010-08-30 12:11:32.000000000 +0200 > @@ -1420,6 +1420,9 @@ int cfg80211_wext_giwessid(struct net_de > { > struct wireless_dev *wdev = dev->ieee80211_ptr; > > + data->flags = 0; > + data->length = 0; > + > switch (wdev->iftype) { > case NL80211_IFTYPE_ADHOC: > return cfg80211_ibss_wext_giwessid(dev, info, data, ssid); Thanks for all your work on this! Were you able to trigger the leak through cfg80211? If so, then this will need a CVE assigned and sent to stable too, I think. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists