From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B88ABC3A5A8 for ; Wed, 4 Sep 2019 18:08:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9092F2087E for ; Wed, 4 Sep 2019 18:08:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567620510; bh=/rTf8DzgI8IYrGf5cmSkPBb6QTLA+lA/qUe2mdsLGio=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=0pUZRuB4mZ/luoGZ4c42PQfEmcK5q/VIBXkKgLIaqG5A/+YuoENS6Zk4HG0JRjAWK s7GvJwyoAk1VgVxrsozCFXdWzIN92iFyrcZTRhDVmlZd04UYz8a08ByxWKJHZWCG0c EEFF4q1RQhetVdHsmCJ9NsBaV8bbMIajKWyHQcAY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389800AbfIDSI3 (ORCPT ); Wed, 4 Sep 2019 14:08:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:51348 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389792AbfIDSI2 (ORCPT ); Wed, 4 Sep 2019 14:08:28 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DF84920870; Wed, 4 Sep 2019 18:08:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567620507; bh=/rTf8DzgI8IYrGf5cmSkPBb6QTLA+lA/qUe2mdsLGio=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=U2w4FVPiTe5T4ewtXEYttoikhzILNPjXVnhwxjzx9JzFRtkccvspU8G/rSDmyVwDp 9vt7bsKlXMAxq1FmGLcXHmQr8F+RGWSPuoltdz5haRK9DXIm+LfAERyYSEdj3uQum+ onjE3mrq6He4pG30PIUB3LjuAzyex5ZZH75KVuXQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Denis Kenzior , Johannes Berg Subject: [PATCH 4.19 82/93] mac80211: Dont memset RXCB prior to PAE intercept Date: Wed, 4 Sep 2019 19:54:24 +0200 Message-Id: <20190904175310.180060830@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190904175302.845828956@linuxfoundation.org> References: <20190904175302.845828956@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Denis Kenzior commit c8a41c6afa27b8c3f61622dfd882b912da9d6721 upstream. In ieee80211_deliver_skb_to_local_stack intercepts EAPoL frames if mac80211 is configured to do so and forwards the contents over nl80211. During this process some additional data is also forwarded, including whether the frame was received encrypted or not. Unfortunately just prior to the call to ieee80211_deliver_skb_to_local_stack, skb->cb is cleared, resulting in incorrect data being exposed over nl80211. Fixes: 018f6fbf540d ("mac80211: Send control port frames over nl80211") Cc: stable@vger.kernel.org Signed-off-by: Denis Kenzior Link: https://lore.kernel.org/r/20190827224120.14545-2-denkenz@gmail.com Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/mac80211/rx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2377,6 +2377,8 @@ static void ieee80211_deliver_skb_to_loc cfg80211_rx_control_port(dev, skb, noencrypt); dev_kfree_skb(skb); } else { + memset(skb->cb, 0, sizeof(skb->cb)); + /* deliver to local stack */ if (rx->napi) napi_gro_receive(rx->napi, skb); @@ -2470,8 +2472,6 @@ ieee80211_deliver_skb(struct ieee80211_r if (skb) { skb->protocol = eth_type_trans(skb, dev); - memset(skb->cb, 0, sizeof(skb->cb)); - ieee80211_deliver_skb_to_local_stack(skb, rx); }