Pan Bian <bianpan2016@xxxxxxx> wrote: > Function lbs_cmd_802_11_sleep_params() always return 0, even if the call > to lbs_cmd_with_response() fails. In this case, the parameter @sp will > keep uninitialized. Because the return value is 0, its caller (say > lbs_sleepparams_read()) will not detect the error, and will copy the > uninitialized stack memory to user sapce, resulting in stack information > leak. To avoid the bug, this patch returns variable ret (which takes > the return value of lbs_cmd_with_response()) instead of 0. > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188451 > > Signed-off-by: Pan Bian <bianpan2016@xxxxxxx> The prefix should be "libertas:", I'll fix that. -- https://patchwork.kernel.org/patch/9459597/ Documentation about submitting wireless patches and checking status from patchwork: https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches