diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2014-09-10 08:00:16 -0400 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2014-09-11 06:07:39 -0400 |
| commit | 5393b917bcbb0ce0338668c89397137bd2b7436e (patch) | |
| tree | 478487ac71eeaa7170d34b4f575d8e819910fd0c /net | |
| parent | 78f686cae0c67a2edd167cbbe2f36017f0fa4b30 (diff) | |
cfg80211: clear nl80211 messages carrying keys after processing
Clear any nl80211 messages that might contain keys after
processing them to avoid leaving their data in memory
"forever" after they've been freed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/wireless/nl80211.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index bebdf3d0ae75..e9fbd4f4ddb0 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -9400,6 +9400,7 @@ static int nl80211_set_qos_map(struct sk_buff *skb, | |||
| 9400 | /* If a netdev is associated, it must be UP, P2P must be started */ | 9400 | /* If a netdev is associated, it must be UP, P2P must be started */ |
| 9401 | #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ | 9401 | #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ |
| 9402 | NL80211_FLAG_CHECK_NETDEV_UP) | 9402 | NL80211_FLAG_CHECK_NETDEV_UP) |
| 9403 | #define NL80211_FLAG_CLEAR_SKB 0x20 | ||
| 9403 | 9404 | ||
| 9404 | static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb, | 9405 | static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb, |
| 9405 | struct genl_info *info) | 9406 | struct genl_info *info) |
| @@ -9483,8 +9484,20 @@ static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb, | |||
| 9483 | dev_put(info->user_ptr[1]); | 9484 | dev_put(info->user_ptr[1]); |
| 9484 | } | 9485 | } |
| 9485 | } | 9486 | } |
| 9487 | |||
| 9486 | if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) | 9488 | if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) |
| 9487 | rtnl_unlock(); | 9489 | rtnl_unlock(); |
| 9490 | |||
| 9491 | /* If needed, clear the netlink message payload from the SKB | ||
| 9492 | * as it might contain key data that shouldn't stick around on | ||
| 9493 | * the heap after the SKB is freed. The netlink message header | ||
| 9494 | * is still needed for further processing, so leave it intact. | ||
| 9495 | */ | ||
| 9496 | if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) { | ||
| 9497 | struct nlmsghdr *nlh = nlmsg_hdr(skb); | ||
| 9498 | |||
| 9499 | memset(nlmsg_data(nlh), 0, nlmsg_len(nlh)); | ||
| 9500 | } | ||
| 9488 | } | 9501 | } |
| 9489 | 9502 | ||
| 9490 | static const struct genl_ops nl80211_ops[] = { | 9503 | static const struct genl_ops nl80211_ops[] = { |
| @@ -9552,7 +9565,8 @@ static const struct genl_ops nl80211_ops[] = { | |||
| 9552 | .policy = nl80211_policy, | 9565 | .policy = nl80211_policy, |
| 9553 | .flags = GENL_ADMIN_PERM, | 9566 | .flags = GENL_ADMIN_PERM, |
| 9554 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | 9567 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | |
| 9555 | NL80211_FLAG_NEED_RTNL, | 9568 | NL80211_FLAG_NEED_RTNL | |
| 9569 | NL80211_FLAG_CLEAR_SKB, | ||
| 9556 | }, | 9570 | }, |
| 9557 | { | 9571 | { |
| 9558 | .cmd = NL80211_CMD_NEW_KEY, | 9572 | .cmd = NL80211_CMD_NEW_KEY, |
| @@ -9560,7 +9574,8 @@ static const struct genl_ops nl80211_ops[] = { | |||
| 9560 | .policy = nl80211_policy, | 9574 | .policy = nl80211_policy, |
| 9561 | .flags = GENL_ADMIN_PERM, | 9575 | .flags = GENL_ADMIN_PERM, |
| 9562 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | 9576 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | |
| 9563 | NL80211_FLAG_NEED_RTNL, | 9577 | NL80211_FLAG_NEED_RTNL | |
| 9578 | NL80211_FLAG_CLEAR_SKB, | ||
| 9564 | }, | 9579 | }, |
| 9565 | { | 9580 | { |
| 9566 | .cmd = NL80211_CMD_DEL_KEY, | 9581 | .cmd = NL80211_CMD_DEL_KEY, |
| @@ -9738,7 +9753,8 @@ static const struct genl_ops nl80211_ops[] = { | |||
| 9738 | .policy = nl80211_policy, | 9753 | .policy = nl80211_policy, |
| 9739 | .flags = GENL_ADMIN_PERM, | 9754 | .flags = GENL_ADMIN_PERM, |
| 9740 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | 9755 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | |
| 9741 | NL80211_FLAG_NEED_RTNL, | 9756 | NL80211_FLAG_NEED_RTNL | |
| 9757 | NL80211_FLAG_CLEAR_SKB, | ||
| 9742 | }, | 9758 | }, |
| 9743 | { | 9759 | { |
| 9744 | .cmd = NL80211_CMD_ASSOCIATE, | 9760 | .cmd = NL80211_CMD_ASSOCIATE, |
| @@ -9972,7 +9988,8 @@ static const struct genl_ops nl80211_ops[] = { | |||
| 9972 | .policy = nl80211_policy, | 9988 | .policy = nl80211_policy, |
| 9973 | .flags = GENL_ADMIN_PERM, | 9989 | .flags = GENL_ADMIN_PERM, |
| 9974 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | 9990 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | |
| 9975 | NL80211_FLAG_NEED_RTNL, | 9991 | NL80211_FLAG_NEED_RTNL | |
| 9992 | NL80211_FLAG_CLEAR_SKB, | ||
| 9976 | }, | 9993 | }, |
| 9977 | { | 9994 | { |
| 9978 | .cmd = NL80211_CMD_TDLS_MGMT, | 9995 | .cmd = NL80211_CMD_TDLS_MGMT, |