From: Johannes Berg Date: Tue, 1 Jul 2025 07:22:13 +0000 (+0200) Subject: wifi: mac80211: clear frame buffer to never leak stack X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=8af596e8ae44c3bcf36d1aea09fc9a6f17c555e5;p=linux-2.6-block.git wifi: mac80211: clear frame buffer to never leak stack In disconnect paths paths, local frame buffers are used to build deauthentication frames to send them over the air and as notifications to userspace. Some internal error paths (that, given no other bugs, cannot happen) don't always initialize the buffers before sending them to userspace, so in the presence of other bugs they can leak stack content. Initialize the buffers to avoid the possibility of this happening. Suggested-by: Zhongqiu Han Link: https://patch.msgid.link/20250701072213.13004-2-johannes@sipsolutions.net Signed-off-by: Johannes Berg --- diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 7ddb8e77b4c7..d26dcee5683a 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -3934,6 +3934,9 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, lockdep_assert_wiphy(local->hw.wiphy); + if (frame_buf) + memset(frame_buf, 0, IEEE80211_DEAUTH_FRAME_LEN); + if (WARN_ON(!ap_sta)) return;