staging: wilc1000: fix infoleak in wilc_wfi_cfgoperations
authorKangjie Lu <kangjielu@gmail.com>
Wed, 4 May 2016 01:36:11 +0000 (21:36 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 4 May 2016 05:57:14 +0000 (22:57 -0700)
"mac" is an array allocated in stack without being initialized,
and will be sent out via "nla_put". The dump_station() is supposed
to initialize the mac address; otherwise, sensitive data in kernel
stack will be leaked. To fix this, copy the mac address to it.

Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/wilc1000/wilc_wfi_cfgoperations.c

index 85031f7..4b04135 100644 (file)
@@ -1804,6 +1804,7 @@ static int dump_station(struct wiphy *wiphy, struct net_device *dev,
 
        wilc_get_rssi(vif, &sinfo->signal);
 
+       memcpy(mac, priv->au8AssociatedBss, ETH_ALEN);
        return 0;
 }