wifi: mac80211_hwsim: fully initialise PMSR capabilities

Since the recent additions to PMSR capabilities, it's no longer
sufficient to call parse_pmsr_capa() here since the capabilities
that were added aren't represented/filled by it. Always init the
data to zero to avoid using uninitialized memory.

Fixes: 86c6b6e4d187 ("wifi: nl80211/cfg80211: add new FTM capabilities")
Reported-by: syzbot+c686c6b197d10ff3a749@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/69a67aa3.a70a0220.b118c.000a.GAE@google.com/
Link: https://patch.msgid.link/20260303113739.176403-2-johannes@sipsolutions.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/virtual/mac80211_hwsim.c b/drivers/net/wireless/virtual/mac80211_hwsim.c
index e89173f9163774f7825e2f938c79781a8d249c9b..f6b890dea7e07d34b2de1bcfad75f1a92335c61f 100644 (file)
--- a/drivers/net/wireless/virtual/mac80211_hwsim.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim.c
@@ -6489,7 +6489,7 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
        if (info->attrs[HWSIM_ATTR_PMSR_SUPPORT]) {
                struct cfg80211_pmsr_capabilities *pmsr_capa;
 
-               pmsr_capa = kmalloc_obj(*pmsr_capa);
+               pmsr_capa = kzalloc_obj(*pmsr_capa);
                if (!pmsr_capa) {
                        ret = -ENOMEM;
                        goto out_free;