| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170118144346.8E91760818@smtp.codeaurora.org>
Date: Wed, 18 Jan 2017 14:43:46 +0000 (UTC)
From: Kalle Valo <kvalo@...eaurora.org>
To: Pan Bian <bianpan2016@....com>
Cc: Andreas Kemnade <andreas@...nade.info>,
Johannes Berg <johannes.berg@...el.com>,
libertas-dev@...ts.infradead.org, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Pan Bian <bianpan2016@....com>
Subject: Re: [1/1] net: wireless: marvell: fix improper return value
Pan Bian <bianpan2016@....com> wrote:
> Function lbs_cmd_802_11_sleep_params() always return 0, even if the call
> to lbs_cmd_with_response() fails. In this case, the parameter @sp will
> keep uninitialized. Because the return value is 0, its caller (say
> lbs_sleepparams_read()) will not detect the error, and will copy the
> uninitialized stack memory to user sapce, resulting in stack information
> leak. To avoid the bug, this patch returns variable ret (which takes
> the return value of lbs_cmd_with_response()) instead of 0.
>
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188451
>
> Signed-off-by: Pan Bian <bianpan2016@....com>
The prefix should be "libertas:", I'll fix that.
--
https://patchwork.kernel.org/patch/9459597/
Documentation about submitting wireless patches and checking status
from patchwork:
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists