| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1462313506-7742-1-git-send-email-kjlu@gatech.edu> Date: Tue, 3 May 2016 18:11:46 -0400 From: Kangjie Lu <kangjielu@...il.com> To: Larry.Finger@...inger.net Cc: Jes.Sorensen@...hat.com, gregkh@...uxfoundation.org, linux-wireless@...r.kernel.org, evel@...verdev.osuosl.org, linux-kernel@...r.kernel.org, taesoo@...ech.edu, insu@...ech.edu, csong84@...ech.edu, Kangjie Lu <kjlu@...ech.edu> Subject: [PATCH] fix infoleak in ioctl_cfg80211 "mac" is an array allocated in stack without being initialized, and will be sent out via "nla_put". The dump_station() is supposed to initialize the mac address; otherwise, sensitive data in kernel stack will be leaked. To fix this, either initialize it (e.g., memset) or completely remove this dump_station(). Signed-off-by: Kangjie Lu <kjlu@...ech.edu> --- drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c index 12d1844..44a1582 100644 --- a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c +++ b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c @@ -2926,6 +2926,7 @@ static int cfg80211_rtw_dump_station(struct wiphy *wiphy, /* TODO: dump scanned queue */ + memset(mac, 0, ETH_ALEN); return -ENOENT; } -- 1.9.1
Powered by blists - more mailing lists