Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2228569imm; Thu, 18 Oct 2018 11:02:57 -0700 (PDT) X-Google-Smtp-Source: ACcGV60UkoC9n8ZGq7BsyPJ+7x7bY7p5YIiqo2Xux9HS7wIbJ3V7ZmjplrAEmeQVW+QvpM7562kp X-Received: by 2002:a17:902:7408:: with SMTP id g8-v6mr399413pll.168.1539885776982; Thu, 18 Oct 2018 11:02:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539885776; cv=none; d=google.com; s=arc-20160816; b=WVs5HiQKp+5v/li8GmINvlptxPpU0NDYQ/MW28ycRLLWGrSnQcgnZDvwRy/v6VLS1v EMpYxkAr8diegY7JJWJb6yOT4BveJBX8p++KqJc8BaOgWUxnMC68g6Via7l8N8xPMhBF dVRxtnAhoO+6iFzTZzIFjevb3AoRqtb7YK5IfyZ4FznD5jih6/EKwWlmt+TOAVePFwRe myYzcPwS0SrD/vnD+6vCUdeagd2U906TU8WJcXSXFHPbPc2U9wogHfu2EsB8WY0jKQQC WHANijwn84caizW5w/CBk+Z/WofDsKu389uMP+5TIGlWg4c2U1aq0nJ22wtNVQ0qzv/q 5Aqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6LFnNIaYR0wT7HIp+uthgTwrf5sPU3NbhBfxAgHAm4Q=; b=qkcvF0dsKM4zPR/2DM3oTl2IFMaw6bizpMkARTNmx43gK29KjaSpXyG0fchcJdQT6y ZWTmW5Bteh85dmpOfhFDJCLg/zbouglLj2c4ZYngpdd41kWuWs0u9DZ9xxyeocpRkSsq pC44/um+KkbwtxPMRKzAEEmMoM1dTKx7hfn2NZLCQy3pTNuBE+hcTGy+XztaTLfU7avm ABtRrJ2FzWB9RPViI0fGTUPVmElVUuTf5UCRGzFY/Fj8FH5FzUfDmX0iYa+2DmsgUlb2 fx8pWzNpVAu2NQBV7ADbfY1T9LHmSRAK8z81ulRmj7CIe37tB2ER8HlvTH+ylryvrQ5D MrQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="lU/nuyuD"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v184-v6si2302250pgb.333.2018.10.18.11.02.41; Thu, 18 Oct 2018 11:02:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="lU/nuyuD"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729397AbeJSCC1 (ORCPT + 99 others); Thu, 18 Oct 2018 22:02:27 -0400 Received: from mail.kernel.org ([198.145.29.99]:50342 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727615AbeJSCC0 (ORCPT ); Thu, 18 Oct 2018 22:02:26 -0400 Received: from localhost (ip-213-127-77-176.ip.prioritytelecom.net [213.127.77.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 073DA205C9; Thu, 18 Oct 2018 18:00:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1539885621; bh=vVDqnU6l3/cZYzEFl/xjMj7EYaKxeBaogjAnP5X6KXo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lU/nuyuD5c1YBm/BAovdQEQ8fQIEt2lA6JkrMVQBkwITjF5yySQAILBsE3wWAuONR qMYh2+uP8079Z+o3wS8oV3Nwhyc7RHxLC+KK+jvvFIe+EC/pJUi2UV6k2D1QpGyF2Q MGTnnZ6x+qfV96HuaifKkTNtMgFldGtfSMugUZU4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sven Eckelmann , Antonio Quartulli , Simon Wunderlich , Sasha Levin Subject: [PATCH 4.14 02/41] batman-adv: Avoid probe ELP information leak Date: Thu, 18 Oct 2018 19:54:17 +0200 Message-Id: <20181018175417.004202299@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018175416.718399607@linuxfoundation.org> References: <20181018175416.718399607@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sven Eckelmann [ Upstream commit 88d0895d0ea9d4431507d576c963f2ff9918144d ] The probe ELPs for WiFi interfaces are expanded to contain at least BATADV_ELP_MIN_PROBE_SIZE bytes. This is usually a lot more than the number of bytes which the template ELP packet requires. These extra padding bytes were not initialized and thus could contain data which were previously stored at the same location. It is therefore required to set it to some predefined or random values to avoid leaking private information from the system transmitting these kind of packets. Fixes: e4623c913508 ("batman-adv: Avoid probe ELP information leak") Signed-off-by: Sven Eckelmann Acked-by: Antonio Quartulli Signed-off-by: Simon Wunderlich Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/batman-adv/bat_v_elp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -227,7 +227,7 @@ batadv_v_elp_wifi_neigh_probe(struct bat * the packet to be exactly of that size to make the link * throughput estimation effective. */ - skb_put(skb, probe_len - hard_iface->bat_v.elp_skb->len); + skb_put_zero(skb, probe_len - hard_iface->bat_v.elp_skb->len); batadv_dbg(BATADV_DBG_BATMAN, bat_priv, "Sending unicast (probe) ELP packet on interface %s to %pM\n",