On Tue, May 03, 2016 at 06:11:46PM -0400, Kangjie Lu wrote: > "mac" is an array allocated in stack without being initialized, > and will be sent out via "nla_put". The dump_station() is supposed > to initialize the mac address; otherwise, sensitive data in kernel > stack will be leaked. To fix this, either initialize it (e.g., > memset) or completely remove this dump_station(). > > Signed-off-by: Kangjie Lu <kjlu@xxxxxxxxxx> > --- > drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c > index 12d1844..44a1582 100644 > --- a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c > +++ b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c > @@ -2926,6 +2926,7 @@ static int cfg80211_rtw_dump_station(struct wiphy *wiphy, > > /* TODO: dump scanned queue */ > > + memset(mac, 0, ETH_ALEN); > return -ENOENT; > } This isn't needed, as it returns -ENOENT and so mac never gets used. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
