cfg80211_get_station is not initializing the memory given as parameter sinfo. The caller has to handle it. Otherwise the filled parameter may be set incorrectly and thus uninitialized memory is used to identify the throughput to an neighbor.
Fixes: 5c3245172c01 ("batman-adv: ELP - compute the metric based on the estimated throughput") Reported-by: Thomas Lauer holminateur@gmail.com Reported-by: Marcel Schmidt ff.z-casparistrasse@mailbox.org Signed-off-by: Sven Eckelmann sven@narfation.org ---
Cc: Thomas Lauer holminateur@gmail.com Cc: Marcel Schmidt ff.z-casparistrasse@mailbox.org
net/batman-adv/bat_v_elp.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 71c20c1d..5f931475 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -102,6 +102,7 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) if (!real_netdev) goto default_throughput;
+ memset(&sinfo, 0, sizeof(sinfo)); ret = cfg80211_get_station(real_netdev, neigh->addr, &sinfo);
dev_put(real_netdev);