Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3731752imm; Mon, 8 Oct 2018 08:39:11 -0700 (PDT) X-Google-Smtp-Source: ACcGV62JF9SOfSCWFFyTE4c92OmUmy+ensjL/BNmsulsmPv4jo0R4mrJ5pZxa+VUqW867uSkr1To X-Received: by 2002:a17:902:744c:: with SMTP id e12-v6mr24657294plt.186.1539013151519; Mon, 08 Oct 2018 08:39:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539013151; cv=none; d=google.com; s=arc-20160816; b=R75A59pR56001HC8ovqFNcuUO432yri0hR2yymeMev3cMwvZAl85kzCWrpu3nrjXYk 5je8krD3mTJYOh0szH/j63wYPXKoXF/w7JbfpwqKyXWnGLISfdWg0XC9GXlcyWIAtNBb XSDMGGm2q8zH9eva7PBIR2KJo9VRYLYZ/TRXgca3/z3azE4f9pfFj2iY++tyHmcAUkHN mBNANLjft2zv+7h7Ck6qKem80f4SC5utG9wj0v+tNn6WVMwKTS7GvROOqn3fr0VdP6mK /VtXxAj2GxZYRoWDZ+Tj1LRHBhDIzXe5Npy8PXK5xFQJLYpsMDogrKnwpojNOnxHHtcK MT4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=AeqFcl2gNrbXeQbDXeHwuGQDgYZbqKoybbg4upHIRRs=; b=KN0AKqDoY1J6TlkjwFLTglVcfFGCEtKUov+BmlVwZ5pX8a9OAq5oz6GzC16g7l4teP LlMpoTEE+E3Sml+AdmQ2STjL8PuDqEmGJRKx2yBvRMT4vTc/nCRzxQii7XwkgkzC4gSi dL7QoMEOpRoysqzq+Ggqz3VVmOwrzpiffWjXi7kZEspBKhKTtbCSvAge08Sig6hJvDXN Tcjl8PY9K/o9ElT8wDkzo7O12NX5Ah8X//4QmC0eciOOxvkzraZitOQ0lc1PgpE3BTLj kzprWBHNkmqWrLOvRlZSAdzHKz+uDfXgpt+X09P9MNA9vetxqOHl8utyvglnWvwfmwF+ pUMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QAzWVxog; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u68-v6si19255714pfa.28.2018.10.08.08.38.56; Mon, 08 Oct 2018 08:39:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QAzWVxog; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726828AbeJHWht (ORCPT + 99 others); Mon, 8 Oct 2018 18:37:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:55818 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726754AbeJHWhs (ORCPT ); Mon, 8 Oct 2018 18:37:48 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 203DC20C0A; Mon, 8 Oct 2018 15:25:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1539012333; bh=X1So3z3Z1o7n3Sex1lADRoUAKw+eA85G029uKSwObio=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QAzWVxogRgf16F724tlblg+hPpLsf/iN16JUyyRytS6fJkqSVi3dfzd8l81iFP8mw 4162fNopQMdq5C0iCEG8ghwlyFuxR5CKFiS/Rp+uCOPCARuobfyWXxR1kJQYYxE9mB GBcEGQp8IsF5d8tM/C4KwTmb2sO0Xby9lfKH+M7s= From: Sasha Levin To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Sven Eckelmann , Simon Wunderlich , Sasha Levin Subject: [PATCH AUTOSEL 4.18 06/58] batman-adv: Avoid probe ELP information leak Date: Mon, 8 Oct 2018 11:24:31 -0400 Message-Id: <20181008152523.70705-6-sashal@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181008152523.70705-1-sashal@kernel.org> References: <20181008152523.70705-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sven Eckelmann [ Upstream commit 88d0895d0ea9d4431507d576c963f2ff9918144d ] The probe ELPs for WiFi interfaces are expanded to contain at least BATADV_ELP_MIN_PROBE_SIZE bytes. This is usually a lot more than the number of bytes which the template ELP packet requires. These extra padding bytes were not initialized and thus could contain data which were previously stored at the same location. It is therefore required to set it to some predefined or random values to avoid leaking private information from the system transmitting these kind of packets. Fixes: e4623c913508 ("batman-adv: Avoid probe ELP information leak") Signed-off-by: Sven Eckelmann Acked-by: Antonio Quartulli Signed-off-by: Simon Wunderlich Signed-off-by: Sasha Levin --- net/batman-adv/bat_v_elp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 71c20c1d4002..e103c759b7ab 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -241,7 +241,7 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) * the packet to be exactly of that size to make the link * throughput estimation effective. */ - skb_put(skb, probe_len - hard_iface->bat_v.elp_skb->len); + skb_put_zero(skb, probe_len - hard_iface->bat_v.elp_skb->len); batadv_dbg(BATADV_DBG_BATMAN, bat_priv, "Sending unicast (probe) ELP packet on interface %s to %pM\n", -- 2.17.1