linux/net/wireless
Johannes Berg df6d02300f wext: fix potential private ioctl memory content leak
When a driver doesn't fill the entire buffer, old
heap contents may remain, and if it also doesn't
update the length properly, this old heap content
will be copied back to userspace.

It is very unlikely that this happens in any of
the drivers using private ioctls since it would
show up as junk being reported by iwpriv, but it
seems better to be safe here, so use kzalloc.

Reported-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-20 13:41:40 -04:00
..
.gitignore
chan.c
core.c wireless: register wiphy rfkill w/o holding cfg80211_mutex 2010-08-31 14:48:47 -04:00
core.h
db.txt
debugfs.c
debugfs.h
ethtool.c
ethtool.h
genregdb.awk
ibss.c
Kconfig
lib80211.c
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
Makefile
mlme.c cfg80211: fix locking in action frame TX 2010-08-09 15:18:57 -04:00
nl80211.c nl80211: Fix memory leaks 2010-07-28 16:24:01 -04:00
nl80211.h
radiotap.c
reg.c cfg80211: Update of regulatory request initiator handling 2010-07-28 16:24:01 -04:00
reg.h
regdb.h
scan.c
sme.c
sysfs.c
sysfs.h
util.c
wext-compat.c wireless extensions: fix kernel heap content leak 2010-08-30 16:35:17 -04:00
wext-compat.h
wext-core.c wireless extensions: fix kernel heap content leak 2010-08-30 16:35:17 -04:00
wext-priv.c wext: fix potential private ioctl memory content leak 2010-09-20 13:41:40 -04:00
wext-proc.c
wext-sme.c
wext-spy.c