| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87inmifak8.fsf@kamboji.qca.qualcomm.com>
Date: Thu, 06 Apr 2017 07:02:15 +0300
From: Kalle Valo <kvalo@...eaurora.org>
To: Brian Norris <briannorris@...omium.org>
Cc: Nishant Sarmukadam <nishants@...vell.com>,
Ganapathi Bhat <gbhat@...vell.com>,
Xinming Hu <huxm@...vell.com>, <linux-kernel@...r.kernel.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
netdev@...r.kernel.org, linux-wireless@...r.kernel.org
Subject: Re: [PATCH] mwifiex: MAC randomization should not be persistent
Brian Norris <briannorris@...omium.org> writes:
> nl80211 provides the NL80211_SCAN_FLAG_RANDOM_ADDR for every scan
> request that should be randomized; the absence of such a flag means we
> should not randomize. However, mwifiex was stashing the latest
> randomization request and *always* using it for future scans, even those
> that didn't set the flag.
>
> Let's zero out the randomization info whenever we get a scan request
> without NL80211_SCAN_FLAG_RANDOM_ADDR. I'd prefer to remove
> priv->random_mac entirely (and plumb the randomization MAC properly
> through the call sequence), but the spaghetti is a little difficult to
> unravel here for me.
>
> Fixes: c2a8f0ff9c6c ("mwifiex: support random MAC address for scanning")
So the first release with this was v4.9.
> Signed-off-by: Brian Norris <briannorris@...omium.org>
> ---
> Should this be tagged for -stable?
IMHO yes.
--
Kalle Valo
Powered by blists - more mailing lists