Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1023036ybe; Wed, 4 Sep 2019 11:17:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqyOanJEehhdrC7KbN0Ukx3EL3J9aFhw7Qlv046Qte5kKF2lBAs8DTyIq6E1G8SM87mHkggD X-Received: by 2002:a17:902:e686:: with SMTP id cn6mr42691692plb.12.1567621042602; Wed, 04 Sep 2019 11:17:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567621042; cv=none; d=google.com; s=arc-20160816; b=hEX6bxWMc+LmDjqrZDJOYcm6kjoW70Gf4dQbp4tLmr+KULDcxgzgF+omNCRUL+Sf2E 7Dsi0pWR5KyI5bL0VeUIFhZgQCeBZYPRBbLAi6nylRs2/Oc0WD5IgEN17W8yHIkRkxB+ vgjjKELGGmXUqVw7dmD5+0YkorhLleWCHmdWwdnyWo5yVxC+jWBSOT/YYZnaugxUU8b3 6u6taAPps0PcZm59TCiz8TOKkhPIaMBQxCLNRC61hi0tZmxgw3VMSVTyyLqGziy88GXI Sf7kAkYk01qR/WS2CtP/pBFomsNrQlxzCi9pSqLwEAj+Cs2SlwwvFbc06fyJW4wJGfvB ASWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XkMFCvmfU9TAU2Vq1FCtqV8Q1jlLkxaxxx+pCaFJRZw=; b=yCXrbCjJHX1veUt4qj1CpK9IC5j6IRe2cb7JVMDxzq2Js6Pa6O7GMVp9REP2Z4vTRH T3JzE1eaq2EOwdEVGtweRToK6tcmKDkWm/EtjmMLL/cK1XH1TS6X5tnEjd1nPmgecPV2 YcLH3ytpD9TAwitY15kCLXtpQnEeqWSsWH42LWdicI1FzLnkgaJICM5IynJVzZ4W+HaJ RKLBrlqSoYIGR6LsqT7MeCpEGIEIm6obhfD/RESZHrn2iqZ6kM+OMc8cVA6I0ClHlfQ2 oictuw/Q7TFavPsf8C3RV5/hbI+xijKP4gc6TmjPPXbCGlTQ4CzH0VaSFukWp0zyiVlE LRLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1VPKZE9E; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m186si2046447pfb.248.2019.09.04.11.17.07; Wed, 04 Sep 2019 11:17:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1VPKZE9E; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390829AbfIDSOg (ORCPT + 99 others); Wed, 4 Sep 2019 14:14:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:59880 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390826AbfIDSOd (ORCPT ); Wed, 4 Sep 2019 14:14:33 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D4E4B2087E; Wed, 4 Sep 2019 18:14:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567620873; bh=rhf55IcYROlziFP28mrnnFn92oSViVrUFf7Fzn0oJRI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1VPKZE9EfZGyrvsxopcyv7BS438fD3+/alA0w2oy/g9eaClAqM37AewSuTlm08/ns v75Tku2bnpiHmwSEvIhYTAq+x7WaUywjGYnaKurEVFtbIYqCxNaWfK3U+ufrhXPiV8 0RuCIwE5qRkES2zuhTR26pgV9rp/KVZCwtoIHwN4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Denis Kenzior , Johannes Berg Subject: [PATCH 5.2 127/143] mac80211: Dont memset RXCB prior to PAE intercept Date: Wed, 4 Sep 2019 19:54:30 +0200 Message-Id: <20190904175319.374648675@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190904175314.206239922@linuxfoundation.org> References: <20190904175314.206239922@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Denis Kenzior commit c8a41c6afa27b8c3f61622dfd882b912da9d6721 upstream. In ieee80211_deliver_skb_to_local_stack intercepts EAPoL frames if mac80211 is configured to do so and forwards the contents over nl80211. During this process some additional data is also forwarded, including whether the frame was received encrypted or not. Unfortunately just prior to the call to ieee80211_deliver_skb_to_local_stack, skb->cb is cleared, resulting in incorrect data being exposed over nl80211. Fixes: 018f6fbf540d ("mac80211: Send control port frames over nl80211") Cc: stable@vger.kernel.org Signed-off-by: Denis Kenzior Link: https://lore.kernel.org/r/20190827224120.14545-2-denkenz@gmail.com Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/mac80211/rx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2452,6 +2452,8 @@ static void ieee80211_deliver_skb_to_loc cfg80211_rx_control_port(dev, skb, noencrypt); dev_kfree_skb(skb); } else { + memset(skb->cb, 0, sizeof(skb->cb)); + /* deliver to local stack */ if (rx->napi) napi_gro_receive(rx->napi, skb); @@ -2546,8 +2548,6 @@ ieee80211_deliver_skb(struct ieee80211_r if (skb) { skb->protocol = eth_type_trans(skb, dev); - memset(skb->cb, 0, sizeof(skb->cb)); - ieee80211_deliver_skb_to_local_stack(skb, rx); }