The "key" is not scrubbed. As what peer modules do, the fixes zeros out the key buffer. Signed-off-by: Kangjie Lu <kjlu@xxxxxxx> --- net/wireless/lib80211_crypt_wep.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c index dafc6f3571db..08e511aaa1ff 100644 --- a/net/wireless/lib80211_crypt_wep.c +++ b/net/wireless/lib80211_crypt_wep.c @@ -202,6 +202,7 @@ static int lib80211_wep_set_key(void *key, int len, u8 * seq, void *priv) if (len < 0 || len > WEP_KEY_LEN) return -1; + memset(wep, 0, sizeof(*wep)); memcpy(wep->key, key, len); wep->key_len = len; -- 2.17.1
