superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net/wireless
History
Eric Dumazet 21cbf883d0 wifi: avoid kernel-infoleak from struct iw_point 
struct iw_point has a 32bit hole on 64bit arches.

struct iw_point {
  void __user   *pointer;       /* Pointer to the data  (in user space) */
  __u16         length;         /* number of fields or size in bytes */
  __u16         flags;          /* Optional params */
};

Make sure to zero the structure to avoid disclosing 32bits of kernel data
to user space.

Fixes: 87de87d5e4 ("wext: Dispatch and handle compat ioctls entirely in net/wireless/wext.c")
Reported-by: syzbot+bfc7323743ca6dbcc3d3@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/695f83f3.050a0220.1c677c.0392.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20260108101927.857582-1-edumazet@google.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		2026-01-08 13:33:05 +01:00
..
certs
tests wireless-next patches for v6.14 2024-12-19 18:54:07 -08:00
.gitignore
Kconfig wifi: cfg80211: stop exporting wext symbols 2024-10-08 21:53:31 +02:00
Makefile wifi: wext/libipw: move spy implementation to libipw 2024-10-08 21:53:18 +02:00
ap.c
chan.c wifi: cfg80211: correctly implement and validate S1G chandef 2025-09-19 11:55:56 +02:00
core.c wifi: cfg80211: stop radar detection in cfg80211_leave() 2025-11-24 13:05:23 +01:00
core.h wifi: cfg80211: stop radar detection in cfg80211_leave() 2025-11-24 13:05:23 +01:00
debugfs.c wifi: cfg80211: Add parameters to radio-specific debugfs directories 2025-10-27 09:18:41 +01:00
debugfs.h
ethtool.c wifi: cfg80211: Remove the redundant wiphy_dev 2025-09-10 15:05:48 +02:00
ibss.c wifi: cfg80211: move DFS related members to links[] in wireless_dev 2024-09-06 13:01:05 +02:00
mesh.c wifi: cfg80211: move DFS related members to links[] in wireless_dev 2024-09-06 13:01:05 +02:00
mlme.c wifi: cfg80211: stop radar detection in cfg80211_leave() 2025-11-24 13:05:23 +01:00
nl80211.c wifi: cfg80211: include s1g_primary_2mhz when sending chandef 2025-11-25 10:31:11 +01:00
nl80211.h wifi: cfg80211: Add support for dynamic addition/removal of links 2025-01-13 15:34:08 +01:00
ocb.c
of.c
pmsr.c wifi: cfg80211: define and use wiphy guard 2024-12-04 16:10:52 +01:00
radiotap.c Merge net-next/main to resolve conflicts 2024-10-09 08:59:22 +02:00
rdev-ops.h wifi: cfg80211: hide scan internals 2025-07-09 11:52:35 +02:00
reg.c wifi: cfg80211: correctly implement and validate S1G chandef 2025-09-19 11:55:56 +02:00
reg.h
scan.c wifi: cfg80211/mac80211: Add fallback mechanism for INDOOR_SP connection 2025-11-11 11:05:00 +01:00
sme.c wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() 2025-12-16 10:22:51 +01:00
sysfs.c wifi: cfg80211: replace use of system_unbound_wq with system_dfl_wq 2025-11-20 10:26:17 +01:00
sysfs.h
trace.c
trace.h wifi: cfg80211: add an hrtimer based delayed work item 2025-10-28 14:56:30 +01:00
util.c wifi: cfg80211: use cfg80211_leave() in iftype change 2025-11-24 13:05:23 +01:00
wext-compat.c wifi: cfg80211/mac80211: Add support to get radio index 2025-06-24 15:19:27 +02:00
wext-compat.h Revert "wifi: cfg80211: unexport wireless_nlevent_flush()" 2024-10-09 08:53:01 +02:00
wext-core.c wifi: avoid kernel-infoleak from struct iw_point 2026-01-08 13:33:05 +01:00
wext-priv.c wifi: avoid kernel-infoleak from struct iw_point 2026-01-08 13:33:05 +01:00
wext-proc.c
wext-sme.c wifi: cfg80211: define and use wiphy guard 2024-12-04 16:10:52 +01:00