nl80211: Request kernel to trim off payload of netlink requests from acks

We do not need such payload in the acknowledgment, so adding it uses
resources unnecessarily. Furthermore, the original request can include
key material (e.g., NL80211_ATTR_PMK). libnl does not explicitly clear
this received message buffer and it would be inconvenient for
wpa_supplicant/hostapd to try to clear it with the current libnl design
where a duplicated buffer is actually passed to the callback. This means
that keys might be left unnecessarily in heap memory. Avoid this by
requesting the kernel not to copy back the request payload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index a24497ff9e387c444673750373b11ed4daefb38e..a5f5078c03f3c1fbd9c33dd64e278ab6a107978d 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -40,6 +40,9 @@
 #include "driver_nl80211.h"
 
 
+#ifndef NETLINK_CAP_ACK
+#define NETLINK_CAP_ACK 10
+#endif /* NETLINK_CAP_ACK */
 /* support for extack if compilation headers are too old */
 #ifndef NETLINK_EXT_ACK
 #define NETLINK_EXT_ACK 11
@@ -406,6 +409,11 @@ static int send_and_recv(struct nl80211_global *global,
        setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
                   NETLINK_EXT_ACK, &opt, sizeof(opt));
 
+       /* try to set NETLINK_CAP_ACK to 1, ignoring errors */
+       opt = 1;
+       setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
+                  NETLINK_CAP_ACK, &opt, sizeof(opt));
+
        err = nl_send_auto_complete(nl_handle, msg);
        if (err < 0)
                goto out;