nl80211/cfg80211: Make addition of new sinfo fields safer

Add a comment pointing out the use of enum station_info_flags for
all new struct station_info fields. In addition, memset the sinfo
buffer to zero before use on all paths in the current tree to avoid
leaving uninitialized pointers in the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

3 files changed, 7 insertions, 0 deletions

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 96876d366c6..ab124407592 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -563,6 +563,11 @@ struct station_info {
 
         const u8 *assoc_req_ies;
         size_t assoc_req_ies_len;
+
+        /*
+         * Note: Add a new enum station_info_flags value for each new field and
+         * use it to check which fields are initialized.
+         */
 };
 
 /**
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 3db78b696c5..5eaa1673a8f 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -330,6 +330,7 @@ static int sta_info_finish_insert(struct sta_info *sta, bool async)
         ieee80211_sta_debugfs_add(sta);
         rate_control_add_sta_debugfs(sta);
 
+        memset(&sinfo, 0, sizeof(sinfo));
         sinfo.filled = 0;
         sinfo.generation = local->sta_generation;
         cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 253e56319d7..080fd470fde 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2267,6 +2267,7 @@ static int nl80211_dump_station(struct sk_buff *skb,
         }
 
         while (1) {
+                memset(&sinfo, 0, sizeof(sinfo));
                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
                                              mac_addr, &sinfo);
                 if (err == -ENOENT)