lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aJ7EQZFT4rx2Tnj_@stanley.mountain>
Date: Fri, 15 Aug 2025 08:23:13 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Qianfeng Rong <rongqianfeng@...o.com>
Cc: Brian Norris <briannorris@...omium.org>,
	Francesco Dolcini <francesco@...cini.it>,
	Johannes Berg <johannes.berg@...el.com>,
	Sascha Hauer <s.hauer@...gutronix.de>,
	Kalle Valo <kvalo@...nel.org>,
	Aditya Kumar Singh <quic_adisi@...cinc.com>,
	Rameshkumar Sundaram <quic_ramess@...cinc.com>,
	Roopni Devanathan <quic_rdevanat@...cinc.com>,
	Jason Xing <kerneljasonxing@...il.com>,
	Jinjie Ruan <ruanjinjie@...wei.com>,
	Bert Karwatzki <spasswolf@....de>, Jeff Chen <jeff.chen_1@....con>,
	Thomas Gleixner <tglx@...utronix.de>,
	Christophe JAILLET <christophe.jaillet@...adoo.fr>,
	"John W. Linville" <linville@...driver.com>,
	Cathy Luo <cluo@...vell.com>, Xinmin Hu <huxm@...vell.com>,
	Avinash Patil <patila@...vell.com>, linux-wireless@...r.kernel.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH v3] wifi: mwifiex: Initialize the chan_stats array to zero

On Fri, Aug 15, 2025 at 10:30:50AM +0800, Qianfeng Rong wrote:
> The adapter->chan_stats[] array is initialized in
> mwifiex_init_channel_scan_gap() with vmalloc(), which doesn't zero out
> memory.  The array is filled in mwifiex_update_chan_statistics()
> and then the user can query the data in mwifiex_cfg80211_dump_survey().
> 
> There are two potential issues here.  What if the user calls
> mwifiex_cfg80211_dump_survey() before the data has been filled in.
> Also the mwifiex_update_chan_statistics() function doesn't necessarily
> initialize the whole array.  Since the array was not initialized at
> the start that could result in an information leak.
> 
> Also this array is pretty small.  It's a maximum of 900 bytes so it's
> more appropriate to use kcalloc() instead vmalloc().
> 
> Cc: stable@...r.kernel.org
> Fixes: bf35443314ac ("mwifiex: channel statistics support for mwifiex")
> Suggested-by: Dan Carpenter <dan.carpenter@...aro.org>
> Signed-off-by: Qianfeng Rong <rongqianfeng@...o.com>
> ---

Thanks so much!

Reviewed-by: Dan Carpenter <dan.carpenter@...aro.org>

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ