Skip to content

Commit b159b67

Browse files
PlaidCatPlaidCat
committed
wifi: mt76: replace skb_put with skb_put_zero
jira LE-1907 cve CVE-2024-42225 Rebuild_History Non-Buildable kernel-5.14.0-427.37.1.el9_4 commit-author Felix Fietkau <nbd@nbd.name> commit 7f819a2 Avoid potentially reusing uninitialized data Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 7f819a2) Signed-off-by: Jonathan Maple <jmaple@ciq.com>
1 parent a9c724a commit b159b67

File tree

2 files changed

+6
-6
lines changed

2 files changed

+6
-6
lines changed

drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -256,7 +256,7 @@ mt76_connac_mcu_add_nested_tlv(struct sk_buff *skb, int tag, int len,
256256
};
257257
u16 ntlv;
258258

259-
ptlv = skb_put(skb, len);
259+
ptlv = skb_put_zero(skb, len);
260260
memcpy(ptlv, &tlv, sizeof(tlv));
261261

262262
ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
@@ -1666,7 +1666,7 @@ int mt76_connac_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
16661666
set_bit(MT76_HW_SCANNING, &phy->state);
16671667
mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
16681668

1669-
req = (struct mt76_connac_hw_scan_req *)skb_put(skb, sizeof(*req));
1669+
req = (struct mt76_connac_hw_scan_req *)skb_put_zero(skb, sizeof(*req));
16701670

16711671
req->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
16721672
req->bss_idx = mvif->idx;
@@ -1794,7 +1794,7 @@ int mt76_connac_mcu_sched_scan_req(struct mt76_phy *phy,
17941794

17951795
mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
17961796

1797-
req = (struct mt76_connac_sched_scan_req *)skb_put(skb, sizeof(*req));
1797+
req = (struct mt76_connac_sched_scan_req *)skb_put_zero(skb, sizeof(*req));
17981798
req->version = 1;
17991799
req->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
18001800

@@ -2317,7 +2317,7 @@ int mt76_connac_mcu_update_gtk_rekey(struct ieee80211_hw *hw,
23172317
return -ENOMEM;
23182318

23192319
skb_put_data(skb, &hdr, sizeof(hdr));
2320-
gtk_tlv = (struct mt76_connac_gtk_rekey_tlv *)skb_put(skb,
2320+
gtk_tlv = (struct mt76_connac_gtk_rekey_tlv *)skb_put_zero(skb,
23212321
sizeof(*gtk_tlv));
23222322
gtk_tlv->tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_GTK_REKEY);
23232323
gtk_tlv->len = cpu_to_le16(sizeof(*gtk_tlv));
@@ -2442,7 +2442,7 @@ mt76_connac_mcu_set_wow_pattern(struct mt76_dev *dev,
24422442
return -ENOMEM;
24432443

24442444
skb_put_data(skb, &hdr, sizeof(hdr));
2445-
ptlv = (struct mt76_connac_wow_pattern_tlv *)skb_put(skb, sizeof(*ptlv));
2445+
ptlv = (struct mt76_connac_wow_pattern_tlv *)skb_put_zero(skb, sizeof(*ptlv));
24462446
ptlv->tag = cpu_to_le16(UNI_SUSPEND_WOW_PATTERN);
24472447
ptlv->len = cpu_to_le16(sizeof(*ptlv));
24482448
ptlv->data_len = pattern->pattern_len;

drivers/net/wireless/mediatek/mt76/mt7915/mcu.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -424,7 +424,7 @@ mt7915_mcu_add_nested_subtlv(struct sk_buff *skb, int sub_tag, int sub_len,
424424
.len = cpu_to_le16(sub_len),
425425
};
426426

427-
ptlv = skb_put(skb, sub_len);
427+
ptlv = skb_put_zero(skb, sub_len);
428428
memcpy(ptlv, &tlv, sizeof(tlv));
429429

430430
le16_add_cpu(sub_ntlv, 1);

0 commit comments

Comments
 (0)