Date:   Sun, 11 Nov 2018 19:49:05 +0000
From:   Ben Hutchings <ben@...adent.org.uk>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:     akpm@...ux-foundation.org, b.a.t.m.a.n@...ts.open-mesh.org,
        "Sven Eckelmann" <sven@...fation.org>,
        "Marcel Schmidt" <ff.z-casparistrasse@...lbox.org>,
        "Johannes Berg" <johannes@...solutions.net>,
        "Thomas Lauer" <holminateur@...il.com>
Subject: [PATCH 3.16 142/366] cfg80211: initialize sinfo in
 cfg80211_get_station

3.16.61-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Sven Eckelmann <sven@...fation.org>

commit 3c12d0486856b9eb89c2a9ac336713cba90813e3 upstream.

Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may try to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.

Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API")
Reported-by: Thomas Lauer <holminateur@...il.com>
Reported-by: Marcel Schmidt <ff.z-casparistrasse@...lbox.org>
Cc: b.a.t.m.a.n@...ts.open-mesh.org
Signed-off-by: Sven Eckelmann <sven@...fation.org>
Signed-off-by: Johannes Berg <johannes@...solutions.net>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
 net/wireless/util.c | 2 ++
 1 file changed, 2 insertions(+)

--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -1566,6 +1566,8 @@ int cfg80211_get_station(struct net_devi
 	if (!rdev->ops->get_station)
 		return -EOPNOTSUPP;
 
+	memset(sinfo, 0, sizeof(*sinfo));
+
 	return rdev_get_station(rdev, dev, mac_addr, sinfo);
 }
 EXPORT_SYMBOL(cfg80211_get_station);
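
Review bot: The memset() is placed after the `if (!rdev->ops->get_station)` check, so on the -EOPNOTSUPP return sinfo is still left exactly as the caller passed it in. A caller that looks at sinfo->filled without first checking the return value gets the same undefined contents as before this change. Consider moving the memset() above the ops check so sinfo is in a defined state on every return path visible here, or state in the function's documentation that sinfo is only meaningful when 0 is returned.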

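The failure mode described in the commit message, as an added example that is not part of the original patch or of the kernel source: a callback that only ORs bits into "filled" leaves stale bits set unless the wrapper zeroes the struct first. The `demo_*` names, the simplified struct and the 0xAA fill standing in for leftover stack data are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumed names), not the kernel's definitions. */
#define DEMO_FILLED_SIGNAL     (1u << 0)
#define DEMO_FILLED_THROUGHPUT (1u << 1)

struct demo_sinfo {
    uint32_t filled;               /* bitmask of members that are valid */
    int8_t   signal;
    uint32_t expected_throughput;
};

/* Driver-style callback: ORs in the bits it provides, never clears others. */
static int demo_driver_get_station(struct demo_sinfo *si)
{
    si->signal = -60;
    si->filled |= DEMO_FILLED_SIGNAL;
    return 0;
}

/* Wrapper: zero_first = 1 mirrors the patched order, 0 the old behaviour. */
static int demo_get_station(struct demo_sinfo *si, int zero_first)
{
    if (zero_first)
        memset(si, 0, sizeof(*si));
    return demo_driver_get_station(si);
}

/* Caller: consumes expected_throughput only if "filled" claims it is valid.
 * Returns 1 when it would use the value, 0 when it correctly ignores it. */
static int demo_caller_uses_throughput(int zero_first, uint32_t *out)
{
    struct demo_sinfo si;
    /* Constructed stale contents standing in for leftover stack data. */
    memset(&si, 0xAA, sizeof(si));
    if (demo_get_station(&si, zero_first))
        return 0;
    if (!(si.filled & DEMO_FILLED_THROUGHPUT))
        return 0;
    *out = si.expected_throughput;
    return 1;
}

int main(void)
{
    uint32_t tp = 0;
    return demo_caller_uses_throughput(0, &tp) == 1 ? 0 : 1;
}
```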