The reserved fields in batman-adv packets are not set to a constant value. The content of these memory regions is leaked unintentionally to the network.
This regression was introduced in c7fb529996cbc47bc8243d6860dac716ae70af82
Signed-off-by: Sven Eckelmann sven@narfation.org --- soft-interface.c | 1 + translation-table.c | 1 + vis.c | 2 ++ 3 files changed, 4 insertions(+)
diff --git a/soft-interface.c b/soft-interface.c index 6e2530b..80e667a 100644 --- a/soft-interface.c +++ b/soft-interface.c @@ -206,6 +206,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
/* batman packet type: broadcast */ bcast_packet->header.packet_type = BAT_BCAST; + bcast_packet->reserved = 0;
/* hw address of first interface is the orig mac because only * this mac is known throughout the mesh */ diff --git a/translation-table.c b/translation-table.c index 2ab83d7..6cb4f79 100644 --- a/translation-table.c +++ b/translation-table.c @@ -1879,6 +1879,7 @@ static void send_roam_adv(struct bat_priv *bat_priv, uint8_t *client, roam_adv_packet->header.packet_type = BAT_ROAM_ADV; roam_adv_packet->header.version = COMPAT_VERSION; roam_adv_packet->header.ttl = TTL; + roam_adv_packet->reserved = 0; primary_if = primary_if_get_selected(bat_priv); if (!primary_if) goto out; diff --git a/vis.c b/vis.c index cec216f..70806af 100644 --- a/vis.c +++ b/vis.c @@ -620,6 +620,7 @@ static int generate_vis_packet(struct bat_priv *bat_priv) packet->header.ttl = TTL; packet->seqno = htonl(ntohl(packet->seqno) + 1); packet->entries = 0; + packet->reserved = 0; skb_trim(info->skb_packet, sizeof(*packet));
if (packet->vis_type == VIS_TYPE_CLIENT_UPDATE) { @@ -913,6 +914,7 @@ int vis_init(struct bat_priv *bat_priv) packet->header.packet_type = BAT_VIS; packet->header.ttl = TTL; packet->seqno = 0; + packet->reserved = 0; packet->entries = 0;
INIT_LIST_HEAD(&bat_priv->vis_send_list);