linux/net
Johannes Berg 9c5a18a31b cfg80211: wext: clear sinfo struct before calling driver
Until recently, mac80211 overwrote all the statistics it could
provide when getting called, but it now relies on the struct
having been zeroed by the caller. This was always the case in
nl80211, but wext used a static struct which could even cause
values from one device leak to another.

Using a static struct is OK (as even documented in a comment)
since the whole usage of this function and its return value is
always locked under RTNL. Not clearing the struct for calling
the driver has always been wrong though, since drivers were
free to only fill values they could report, so calling this
for one device and then for another would always have leaked
values from one to the other.

Fix this by initializing the structure in question before the
driver method call.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=99691

Cc: stable@vger.kernel.org
Reported-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Reported-by: Alexander Kaltsas <alexkaltsas@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-06-09 13:54:58 -07:00
..
6lowpan 6lowpan: nhc: add other known rfc6282 compressions 2015-02-14 23:08:44 +01:00
9p 9p: patches for 4.1 merge window 2015-04-18 17:45:30 -04:00
802 net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
8021q vlan: Correctly propagate promisc|allmulti flags in notifier. 2015-05-14 00:54:32 -04:00
appletalk appletalk: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:37 -05:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
ax25 ax25: Fix the build when CONFIG_INET is disabled 2015-03-05 13:17:39 -05:00
batman-adv dev: introduce dev_get_iflink() 2015-04-02 14:04:59 -04:00
bluetooth Bluetooth: Fix remote name event return directly. 2015-05-14 10:35:04 +02:00
bridge bridge: disable softirqs around br_fdb_update to avoid lockup 2015-06-07 19:44:13 -07:00
caif unix/caif: sk_socket can disappear when state is unlocked 2015-05-26 23:19:29 -04:00
can can: introduce new raw socket option to join the given CAN filters 2015-04-01 11:28:22 +02:00
ceph Revert "libceph: clear r_req_lru_item in __unregister_linger_request()" 2015-05-20 21:02:46 +03:00
core net: replace last open coded skb_orphan_frags with function call 2015-06-08 12:15:13 -07:00
dcb net/dcb: Add IEEE QCN attribute 2015-03-06 21:50:02 -05:00
dccp inet: fix possible panic in reqsk_queue_unlink() 2015-04-24 11:39:15 -04:00
decnet netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
dns_resolver
dsa net: dsa: Properly propagate errors from dsa_switch_setup_one 2015-05-31 21:50:34 -07:00
ethernet ethernet: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:38 -05:00
hsr net/hsr: Fix NULL pointer dereference and refcnt bugs when deleting a HSR interface. 2015-03-01 13:40:23 -05:00
ieee802154 ieee802154: trace: fix endian convertion 2015-04-30 18:48:11 +02:00
ipv4 ipv4/udp: Verify multicast group is ours in upd_v4_early_demux() 2015-06-04 00:46:26 -07:00
ipv6 ipv6: Fix protocol resubmission 2015-06-08 12:13:17 -07:00
ipx net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
iucv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-04-02 16:16:53 -04:00
key xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-04-06 22:34:15 -04:00
lapb
llc net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
mac80211 mac80211: fix AP_VLAN crypto tailroom calculation 2015-05-20 15:10:11 +02:00
mac802154 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2015-05-09 15:51:00 -04:00
mpls mpls: fix possible use after free of device 2015-06-07 19:37:27 -07:00
netfilter netfilter: nfnetlink_{log,queue}: Register pernet in first place 2015-05-20 13:46:48 +02:00
netlabel netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
netlink netlink: Reset portid after netlink_insert failure 2015-05-16 17:08:57 -04:00
netrom net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
nfc nfc: Fix portid type in urelease_work 2015-04-13 16:35:16 -04:00
openvswitch openvswitch: disable LRO 2015-06-03 19:39:35 -07:00
packet af_packet / TX_RING not fully non-blocking (w/ MSG_DONTWAIT). 2015-05-10 19:40:08 -04:00
phonet net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
rds net/rds: RDS-TCP: only initiate reconnect attempt on outgoing TCP socket. 2015-05-09 16:03:28 -04:00
rfkill Last round of updates for net-next: 2015-02-04 14:57:45 -08:00
rose net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
rxrpc new helper: msg_data_left() 2015-04-11 15:53:35 -04:00
sched net_sched: invoke ->attach() after setting dev->qdisc 2015-05-27 14:09:55 -04:00
sctp sctp: avoid to repeatedly declare external variables 2015-03-25 11:40:16 -04:00
sunrpc svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures 2015-05-04 12:02:40 -04:00
switchdev rename RTNH_F_EXTERNAL to RTNH_F_OFFLOAD 2015-05-14 22:45:39 -04:00
tipc tipc: fix problem with parallel link synchronization mechanism 2015-04-29 15:08:59 -04:00
unix unix/caif: sk_socket can disappear when state is unlocked 2015-05-26 23:19:29 -04:00
vmw_vsock net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
wimax
wireless cfg80211: wext: clear sinfo struct before calling driver 2015-06-09 13:54:58 -07:00
x25 net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
xfrm xfrm: Override skb->mark with tunnel->parm.i_key in xfrm_input 2015-05-28 06:23:31 +02:00
compat.c net: switch importing msghdr from userland to {compat_,}import_iovec() 2015-04-09 00:02:26 -04:00
Kconfig
Makefile mpls: Refactor how the mpls module is built 2015-03-04 00:26:06 -05:00
socket.c VFS: net/: d_inode() annotations 2015-04-15 15:06:56 -04:00
sysctl_net.c