From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sven Eckelmann, Antonio Quartulli, Simon Wunderlich, Sasha Levin
Subject: [PATCH 4.18 06/53] batman-adv: Avoid probe ELP information leak
Date: Thu, 18 Oct 2018 19:53:59 +0200
Message-Id: <20181018175417.819370203@linuxfoundation.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181018175416.561567978@linuxfoundation.org>
References: <20181018175416.561567978@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Sven Eckelmann

[ Upstream commit 88d0895d0ea9d4431507d576c963f2ff9918144d ]

The probe ELPs for WiFi interfaces are expanded to contain at least BATADV_ELP_MIN_PROBE_SIZE bytes. This is usually a lot more than the number of bytes which the template ELP packet requires.

These extra padding bytes were not initialized and thus could contain data which were previously stored at the same location. It is therefore required to set it to some predefined or random values to avoid leaking private information from the system transmitting these kind of packets.

Fixes: e4623c913508 ("batman-adv: Avoid probe ELP information leak")
Signed-off-by: Sven Eckelmann
Acked-by: Antonio Quartulli
Signed-off-by: Simon Wunderlich
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman

--- net/batman-adv/bat_v_elp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c 
@@ -241,7 +241,7 @@ batadv_v_elp_wifi_neigh_probe(struct bat * the packet to be exactly of that size to make the link * throughput estimation effective. */ - skb_put(skb, probe_len - hard_iface->bat_v.elp_skb->len); + skb_put_zero(skb, probe_len - hard_iface->bat_v.elp_skb->len); batadv_dbg(BATADV_DBG_BATMAN, bat_priv, "Sending unicast (probe) ELP packet on interface %s to %pM\n",
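
Review bot: the length passed to skb_put_zero() is `probe_len - hard_iface->bat_v.elp_skb->len`, and nothing in this hunk shows that probe_len is always at least elp_skb->len; if the template could ever be longer than probe_len, the subtraction would go negative before being used as a length. Please confirm that probe_len is derived as a maximum over the template size, or say so in the comment above the call. The zero-fill itself is scoped correctly, since only the appended tail is cleared and the template ELP data already in the skb is untouched. The existing comment explains why the packet is padded to that size but not that the padding must be initialized; one sentence there would keep a later cleanup from switching back to skb_put(). Separately, the Fixes: tag in the commit message quotes the same subject line as this patch, so the title of the referenced commit e4623c913508 should be double-checked.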