From patchwork Fri Aug 31 13:08:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 17462 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from open-mesh.org (localhost [IPv6:::1]) by open-mesh.org (Postfix) with ESMTP id C16E482E02; Fri, 31 Aug 2018 15:08:49 +0200 (CEST) Authentication-Results: open-mesh.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=narfation.org header.i=@narfation.org header.b="LJSbERoj"; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2001:4d88:2000:7::2; helo=v3-1039.vlinux.de; envelope-from=sven@narfation.org; receiver= Received: from v3-1039.vlinux.de (narfation.org [IPv6:2001:4d88:2000:7::2]) by open-mesh.org (Postfix) with ESMTPS id E566780499 for ; Fri, 31 Aug 2018 15:08:48 +0200 (CEST) Received: from sven-desktop.home.narfation.org (p200300C593CD60FD0000000000004065.dip0.t-ipconnect.de [IPv6:2003:c5:93cd:60fd::4065]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id EC6421100D6; Fri, 31 Aug 2018 15:08:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1535720928; bh=vvXtAVlKgbpPbYfn4r3gusHn1+lLuXHTgdW71f+qBX0=; h=From:To:Cc:Subject:Date:From; b=LJSbERojYfF6rxgsGtKhXg00NRif5qvCHReWG8pYFhKwUMrRNUqCFXLVdW0Ag3rO0 i2qoLpp061R1qcY1ULtQ6wj63Lo0C5FgTHcEm6a1tj3ZtlaC6xtW9HwbTXQrlH8hZn Dyq+NbK7fa4QIrs1/+1rUIUXDEnTj7C7u9Gdedls= From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Fri, 31 Aug 2018 15:08:44 +0200 Message-Id: <20180831130844.5434-1-sven@narfation.org> X-Mailer: git-send-email 2.18.0 Subject: [B.A.T.M.A.N.] [PATCH maint] batman-adv: Avoid probe ELP information leak X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Errors-To: b.a.t.m.a.n-bounces@lists.open-mesh.org Sender: "B.A.T.M.A.N" The probe ELPs for WiFi interfaces are expanded to contain at least BATADV_ELP_MIN_PROBE_SIZE bytes. This is usually a lot more than the number of bytes which the template ELP packet requires. These extra padding bytes were not initialized and thus could contain data which were previously stored at the same location. It is therefore required to set it to some predefined or random values to avoid leaking private information from the system transmitting these kind of packets. Fixes: bedcadfaa92b ("batman-adv: ELP - send unicast ELP packets for throughput sampling") Signed-off-by: Sven Eckelmann Acked-by: Antonio Quartulli --- net/batman-adv/bat_v_elp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 71c20c1d..e103c759 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -241,7 +241,7 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) * the packet to be exactly of that size to make the link * throughput estimation effective. */ - skb_put(skb, probe_len - hard_iface->bat_v.elp_skb->len); + skb_put_zero(skb, probe_len - hard_iface->bat_v.elp_skb->len); batadv_dbg(BATADV_DBG_BATMAN, bat_priv, "Sending unicast (probe) ELP packet on interface %s to %pM\n",