wifi: mac80211: clear frame buffer to never leak stack

In disconnect paths paths, local frame buffers are used to build deauthentication frames to send them over the air and as notifications to userspace. Some internal error paths (that, given no other bugs, cannot happen) don't always initialize the buffers before sending them to userspace, so in the presence of other bugs they can leak stack content. Initialize the buffers to avoid the possibility of this happening. Suggested-by: Zhongqiu Han <quic_zhonhan@quicinc.com> Link: https://patch.msgid.link/20250701072213.13004-2-johannes@sipsolutions.net Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2025-07-01 09:22:13 +0200
committer: Johannes Berg <johannes.berg@intel.com> 2025-07-07 10:42:36 +0200
commit: 8af596e8ae44c3bcf36d1aea09fc9a6f17c555e5 (patch)
tree: f1be66283f7b729eae2d95c16be45d5c836acd83 /net
parent: wifi: mac80211: correctly identify S1G short beacon (diff)
download: linux-8af596e8ae44c3bcf36d1aea09fc9a6f17c555e5.tar.gz
linux-8af596e8ae44c3bcf36d1aea09fc9a6f17c555e5.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 7ddb8e77b4c7..d26dcee5683a 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3934,6 +3934,9 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
 
 	lockdep_assert_wiphy(local->hw.wiphy);
 
+	if (frame_buf)
+		memset(frame_buf, 0, IEEE80211_DEAUTH_FRAME_LEN);
+
 	if (WARN_ON(!ap_sta))
 		return;
author	Johannes Berg <johannes.berg@intel.com>	2025-07-01 09:22:13 +0200
committer	Johannes Berg <johannes.berg@intel.com>	2025-07-07 10:42:36 +0200
commit	8af596e8ae44c3bcf36d1aea09fc9a6f17c555e5 (patch)
tree	f1be66283f7b729eae2d95c16be45d5c836acd83 /net
parent	wifi: mac80211: correctly identify S1G short beacon (diff)
download	linux-8af596e8ae44c3bcf36d1aea09fc9a6f17c555e5.tar.gz linux-8af596e8ae44c3bcf36d1aea09fc9a6f17c555e5.zip