| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 May 2016 21:36:11 -0400 From: Kangjie Lu <kangjielu@...il.com> To: johnny.kim@...el.com Cc: austin.shin@...el.com, chris.park@...el.com, gregkh@...uxfoundation.org, devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org, linux-wireless@...r.kernel.org, taesoo@...ech.edu, insu@...ech.edu, csong84@...ech.edu, Kangjie Lu <kjlu@...ech.edu> Subject: [PATCH] fix infoleak in wilc_wfi_cfgoperations "mac" is an array allocated in stack without being initialized, and will be sent out via "nla_put". The dump_station() is supposed to initialize the mac address; otherwise, sensitive data in kernel stack will be leaked. To fix this, copy the mac address to it. Signed-off-by: Kangjie Lu <kjlu@...ech.edu> --- drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c index 448a5c8..c6e71d9 100644 --- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c +++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c @@ -1797,6 +1797,7 @@ static int dump_station(struct wiphy *wiphy, struct net_device *dev, wilc_get_rssi(vif, &sinfo->signal); + memcpy(mac, priv->au8AssociatedBss, ETH_ALEN); return 0; } -- 1.9.1
Powered by blists - more mailing lists