From c12e3d638d1ad3c3474c067818de398dd6a70f36 Mon Sep 17 00:00:00 2001 From: Stefan Sperling Date: Sat, 12 Aug 2017 14:09:47 +0000 Subject: Fix Coverity CID 1453237: With rt2661 chips ral(4) was writing some stack memory garbage to the hardware while setting up beacon transmission. The driver left some fields of a struct rt2661_tx_desc on stack uninitialized. Zero out the entire struct before using it. ok mpi@ --- sys/dev/ic/rt2661.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sys') diff --git a/sys/dev/ic/rt2661.c b/sys/dev/ic/rt2661.c index b88aee1af20..7350385b935 100644 --- a/sys/dev/ic/rt2661.c +++ b/sys/dev/ic/rt2661.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rt2661.c,v 1.92 2017/07/03 09:21:09 kevlo Exp $ */ +/* $OpenBSD: rt2661.c,v 1.93 2017/08/12 14:09:46 stsp Exp $ */ /*- * Copyright (c) 2006 @@ -2938,6 +2938,7 @@ rt2661_prepare_beacon(struct rt2661_softc *sc) /* send beacons at the lowest available rate */ rate = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? 12 : 2; + memset(&desc, 0, sizeof(desc)); rt2661_setup_tx_desc(sc, &desc, RT2661_TX_TIMESTAMP, RT2661_TX_HWSEQ, m0->m_pkthdr.len, rate, NULL, 0, RT2661_QID_MGT, RT2661_AMRR_INVALID_ID); -- cgit v1.2.3