From kvalo at codeaurora.org  Wed Jan 18 06:43:46 2017
From: kvalo at codeaurora.org (Kalle Valo)
Date: Wed, 18 Jan 2017 14:43:46 +0000 (UTC)
Subject: [1/1] net: wireless: marvell: fix improper return value
In-Reply-To: <1480760857-4549-1-git-send-email-bianpan2016@163.com>
References: <1480760857-4549-1-git-send-email-bianpan2016@163.com>
Message-ID: <20170118144346.67067607C9@smtp.codeaurora.org>

Pan Bian <bianpan2016 at 163.com> wrote:
> Function lbs_cmd_802_11_sleep_params() always return 0, even if the call
> to lbs_cmd_with_response() fails. In this case, the parameter @sp will
> keep uninitialized. Because the return value is 0, its caller (say
> lbs_sleepparams_read()) will not detect the error, and will copy the
> uninitialized stack memory to user sapce, resulting in stack information
> leak. To avoid the bug, this patch returns variable ret (which takes
> the return value of lbs_cmd_with_response()) instead of 0.
> 
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188451
> 
> Signed-off-by: Pan Bian <bianpan2016 at 163.com>

The prefix should be "libertas:", I'll fix that.

-- 
https://patchwork.kernel.org/patch/9459597/

Documentation about submitting wireless patches and checking status
from patchwork:

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches



From kvalo at codeaurora.org  Thu Jan 19 04:39:13 2017
From: kvalo at codeaurora.org (Kalle Valo)
Date: Thu, 19 Jan 2017 12:39:13 +0000 (UTC)
Subject: libertas: fix improper return value
In-Reply-To: <1480760857-4549-1-git-send-email-bianpan2016@163.com>
References: <1480760857-4549-1-git-send-email-bianpan2016@163.com>
Message-ID: <20170119123913.A9B066086D@smtp.codeaurora.org>

Pan Bian <bianpan2016 at 163.com> wrote:
> Function lbs_cmd_802_11_sleep_params() always return 0, even if the call
> to lbs_cmd_with_response() fails. In this case, the parameter @sp will
> keep uninitialized. Because the return value is 0, its caller (say
> lbs_sleepparams_read()) will not detect the error, and will copy the
> uninitialized stack memory to user sapce, resulting in stack information
> leak. To avoid the bug, this patch returns variable ret (which takes
> the return value of lbs_cmd_with_response()) instead of 0.
> 
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188451
> 
> Signed-off-by: Pan Bian <bianpan2016 at 163.com>

Patch applied to wireless-drivers-next.git, thanks.

259010c509b6 libertas: fix improper return value

-- 
https://patchwork.kernel.org/patch/9459597/

Documentation about submitting wireless patches and checking status
from patchwork:

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches