[linux-next] LinuxNextTracking branch, master, updated. next-20180921

batman at open-mesh.org batman at open-mesh.org
Sat Sep 22 00:20:34 CEST 2018


The following commit has been merged in the master branch:
commit 88d0895d0ea9d4431507d576c963f2ff9918144d
Author: Sven Eckelmann <sven at narfation.org>
Date:   Fri Aug 31 15:08:44 2018 +0200

    batman-adv: Avoid probe ELP information leak
    
    The probe ELPs for WiFi interfaces are expanded to contain at least
    BATADV_ELP_MIN_PROBE_SIZE bytes. This is usually a lot more than the
    number of bytes which the template ELP packet requires.
    
    These extra padding bytes were not initialized and thus could contain data
    which were previously stored at the same location. It is therefore required
    to set it to some predefined or random values to avoid leaking private
    information from the system transmitting these kind of packets.
    
    Fixes: e4623c913508 ("batman-adv: Avoid probe ELP information leak")
    Signed-off-by: Sven Eckelmann <sven at narfation.org>
    Acked-by: Antonio Quartulli <a at unstable.cc>
    Signed-off-by: Simon Wunderlich <sw at simonwunderlich.de>

diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
index 71c20c1d4002..e103c759b7ab 100644
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -241,7 +241,7 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh)
 		 * the packet to be exactly of that size to make the link
 		 * throughput estimation effective.
 		 */
-		skb_put(skb, probe_len - hard_iface->bat_v.elp_skb->len);
+		skb_put_zero(skb, probe_len - hard_iface->bat_v.elp_skb->len);
 
 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
 			   "Sending unicast (probe) ELP packet on interface %s to %pM\n",

-- 
LinuxNextTracking


More information about the linux-merge mailing list