"mac" is an array allocated in stack without being initialized, and will be sent out via "nla_put". The dump_station() is supposed to initialize the mac address; otherwise, sensitive data in kernel stack will be leaked. To fix this, either initialize it (e.g., memset) or completely remove this dump_station(). Signed-off-by: Kangjie Lu <kjlu@xxxxxxxxxx> --- drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c index 12d1844..44a1582 100644 --- a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c +++ b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c @@ -2926,6 +2926,7 @@ static int cfg80211_rtw_dump_station(struct wiphy *wiphy, /* TODO: dump scanned queue */ + memset(mac, 0, ETH_ALEN); return -ENOENT; } -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
