| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170406164807.GB25323@google.com>
Date: Thu, 6 Apr 2017 09:48:08 -0700
From: Brian Norris <briannorris@...omium.org>
To: Kalle Valo <kvalo@...eaurora.org>
Cc: Nishant Sarmukadam <nishants@...vell.com>,
Ganapathi Bhat <gbhat@...vell.com>,
Xinming Hu <huxm@...vell.com>, linux-kernel@...r.kernel.org,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
netdev@...r.kernel.org, linux-wireless@...r.kernel.org
Subject: Re: [PATCH] mwifiex: MAC randomization should not be persistent
On Thu, Apr 06, 2017 at 07:02:15AM +0300, Kalle Valo wrote:
> Brian Norris <briannorris@...omium.org> writes:
>
> > nl80211 provides the NL80211_SCAN_FLAG_RANDOM_ADDR for every scan
> > request that should be randomized; the absence of such a flag means we
> > should not randomize. However, mwifiex was stashing the latest
> > randomization request and *always* using it for future scans, even those
> > that didn't set the flag.
> >
> > Let's zero out the randomization info whenever we get a scan request
> > without NL80211_SCAN_FLAG_RANDOM_ADDR. I'd prefer to remove
> > priv->random_mac entirely (and plumb the randomization MAC properly
> > through the call sequence), but the spaghetti is a little difficult to
> > unravel here for me.
> >
> > Fixes: c2a8f0ff9c6c ("mwifiex: support random MAC address for scanning")
>
> So the first release with this was v4.9.
>
> > Signed-off-by: Brian Norris <briannorris@...omium.org>
> > ---
> > Should this be tagged for -stable?
>
> IMHO yes.
Sounds fine to me. I suppose you'll do this when applying? Or I can
resend...
Brian
Powered by blists - more mailing lists