releases/3.16.61/cfg80211-initialize-sinfo-in-cfg80211_get_station.patch - pub/scm/linux/kernel/git/bwh/linux-stable-queue - Git at Google

 From: Sven Eckelmann <sven@narfation.org>
 Date: Wed, 6 Jun 2018 10:53:55 +0200
 Subject: cfg80211: initialize sinfo in cfg80211_get_station

 commit 3c12d0486856b9eb89c2a9ac336713cba90813e3 upstream.

 Most of the implementations behind cfg80211_get_station will not initialize
 sinfo to zero before manipulating it. For example, the member "filled",
 which indicates the filled in parts of this struct, is often only modified
 by enabling certain bits in the bitfield while keeping the remaining bits
 in their original state. A caller without a preinitialized sinfo.filled can
 then no longer decide which parts of sinfo were filled in by
 cfg80211_get_station (or actually the underlying implementations).

 cfg80211_get_station must therefore take care that sinfo is initialized to
 zero. Otherwise, the caller may tries to read information which was not
 filled in and which must therefore also be considered uninitialized. In
 batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
 may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
 switch to non-optimal neighbors for certain destinations.

 Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API")
 Reported-by: Thomas Lauer <holminateur@gmail.com>
 Reported-by: Marcel Schmidt <ff.z-casparistrasse@mailbox.org>
 Cc: b.a.t.m.a.n@lists.open-mesh.org
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 ---
  net/wireless/util.c | 2 ++
  1 file changed, 2 insertions(+)

 --- a/net/wireless/util.c
 +++ b/net/wireless/util.c
 @@ -1566,6 +1566,8 @@ int cfg80211_get_station(struct net_devi
  	if (!rdev->ops->get_station)
  		return -EOPNOTSUPP;

 +	memset(sinfo, 0, sizeof(*sinfo));
 +
  	return rdev_get_station(rdev, dev, mac_addr, sinfo);
  }
  EXPORT_SYMBOL(cfg80211_get_station);
	From: Sven Eckelmann <sven@narfation.org>
	Date: Wed, 6 Jun 2018 10:53:55 +0200
	Subject: cfg80211: initialize sinfo in cfg80211_get_station

	commit 3c12d0486856b9eb89c2a9ac336713cba90813e3 upstream.

	Most of the implementations behind cfg80211_get_station will not initialize
	sinfo to zero before manipulating it. For example, the member "filled",
	which indicates the filled in parts of this struct, is often only modified
	by enabling certain bits in the bitfield while keeping the remaining bits
	in their original state. A caller without a preinitialized sinfo.filled can
	then no longer decide which parts of sinfo were filled in by
	cfg80211_get_station (or actually the underlying implementations).

	cfg80211_get_station must therefore take care that sinfo is initialized to
	zero. Otherwise, the caller may tries to read information which was not
	filled in and which must therefore also be considered uninitialized. In
	batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
	may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
	switch to non-optimal neighbors for certain destinations.

	Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API")
	Reported-by: Thomas Lauer <holminateur@gmail.com>
	Reported-by: Marcel Schmidt <ff.z-casparistrasse@mailbox.org>
	Cc: b.a.t.m.a.n@lists.open-mesh.org
	Signed-off-by: Sven Eckelmann <sven@narfation.org>
	Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
	Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
	---
	net/wireless/util.c \| 2 ++
	1 file changed, 2 insertions(+)

	--- a/net/wireless/util.c
	+++ b/net/wireless/util.c
	@@ -1566,6 +1566,8 @@ int cfg80211_get_station(struct net_devi
	if (!rdev->ops->get_station)
	return -EOPNOTSUPP;

	+ memset(sinfo, 0, sizeof(*sinfo));
	+
	return rdev_get_station(rdev, dev, mac_addr, sinfo);
	}
	EXPORT_SYMBOL(cfg80211_get_station);