Received: by 10.223.164.202 with SMTP id h10csp189345wrb;
        Mon, 13 Nov 2017 05:01:34 -0800 (PST)
X-Google-Smtp-Source: AGs4zMY/jA4gL9VHCW+xf5/IG8pCXaneYfmbfyfkph8DYa9ujViF1zDYF030mF8w9LGmKoROrAIC
X-Received: by 10.98.0.5 with SMTP id 5mr5147044pfa.34.1510578094183;
        Mon, 13 Nov 2017 05:01:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1510578094; cv=none;
        d=google.com; s=arc-20160816;
        b=i7gr5EI5hGPzx+QPl0w74cXR0pKohoDRVH+FTprTlNUcPraeb+4oi9kVcBz9Lm2u2Y
         zCgnV9velNJZ/pZyOEsiW8g0SiVBweWGoIq8TjLLpqiay+4fDtnMA3Q+hnMk89I8dbxQ
         2FB0jzhAWZoIKypiHGODulr+5FD9e/IhRILHI/i1whJUNTTKAOAroLWjXf34WHtI+RIo
         IgRr4FWWAW7qTBRoj64Jsp/muKRwjmCekc8LoCWxt9m2+7K7Rc36KUm59ndaw0qQ6Cyx
         sBUiv1Z2KU3hFT/HbNAjmxjr9B/A6psJ2Pt7jg5yl21SsP+PuboOLe1IBdP+ZXn6s4r9
         Sh5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=vHm2jJhC5KdkB3lbFngeMpMZ32rVDNEMli5hDvsCM68=;
        b=COYOLRg7PI/mfnF4KKJou6npmhbt0i24XBhTkOOJqlSaUqAJzf2XvDFwDo8wW7ATTQ
         tbn51fUfWEZtuKWoAkWGMvoVL2uc1DLkynuXfnyaDvYIY3ZxaFcnyFQOg30I1G4cmhAE
         1UdBqxvX/ID6ElhG7+8T5ZdSb6qWug9ojfFUc1FtBkkbTpxTlWSO8/sY2sX5uusoEZ5l
         AiTzy/qQYWmb5H0z6l1F2EtSMG+4rvqYxeWd+OXMstBS4jlVUdUB4p1Vjir7M/X9lwze
         J207oiCkwEY3XK5zmzbOQemCWMULIMvE16hVu9JcNY9nLw0EqmcZ7uPf1f2wGzvEFbx4
         CZBg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 1si14192650pld.604.2017.11.13.05.01.20;
        Mon, 13 Nov 2017 05:01:34 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754297AbdKMNAX (ORCPT <rfc822;0330sisy@gmail.com> + 95 others);
        Mon, 13 Nov 2017 08:00:23 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:49948 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754262AbdKMNAU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 13 Nov 2017 08:00:20 -0500
Received: from localhost (LFbn-1-12253-150.w90-92.abo.wanadoo.fr [90.92.67.150])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 65B7AAA5;
        Mon, 13 Nov 2017 13:00:19 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Pan Bian <bianpan2016@163.com>,
        Kalle Valo <kvalo@codeaurora.org>,
        Sasha Levin <alexander.levin@verizon.com>
Subject: [PATCH 4.9 29/87] libertas: fix improper return value
Date:   Mon, 13 Nov 2017 13:55:46 +0100
Message-Id: <20171113125617.997449071@linuxfoundation.org>
X-Mailer: git-send-email 2.15.0
In-Reply-To: <20171113125615.304035578@linuxfoundation.org>
References: <20171113125615.304035578@linuxfoundation.org>
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Pan Bian <bianpan2016@163.com>


[ Upstream commit 259010c509b6f28b3b851ae45238cf526f52e185 ]

Function lbs_cmd_802_11_sleep_params() always return 0, even if the call
to lbs_cmd_with_response() fails. In this case, the parameter @sp will
keep uninitialized. Because the return value is 0, its caller (say
lbs_sleepparams_read()) will not detect the error, and will copy the
uninitialized stack memory to user sapce, resulting in stack information
leak. To avoid the bug, this patch returns variable ret (which takes
the return value of lbs_cmd_with_response()) instead of 0.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188451

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/marvell/libertas/cmd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/marvell/libertas/cmd.c
+++ b/drivers/net/wireless/marvell/libertas/cmd.c
@@ -305,7 +305,7 @@ int lbs_cmd_802_11_sleep_params(struct l
 	}
 
 	lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
-	return 0;
+	return ret;
 }
 
 static int lbs_wait_for_ds_awake(struct lbs_private *priv)



From 1584268800095235370@xxx Thu Nov 16 23:54:24 +0000 2017
X-GM-THRID: 1584246502879014272
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread