Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-15 08:31:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
27c064ae14
linux/net/tipc
History
Xin Long 1c075b192f tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header 
This is a follow-up for commit 974cb0e3e7 ("tipc: fix uninit-value
in tipc_nl_compat_name_table_dump") where it should have type casted
sizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative
value.

syzbot reported a call trace because of it:

  BUG: KMSAN: uninit-value in ...
   tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934
   __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238
   tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321
   tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324
   genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
   genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
   genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792
   netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501
   genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803
   netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
   netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345
   netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921
   sock_sendmsg_nosec net/socket.c:714 [inline]
   sock_sendmsg net/socket.c:734 [inline]

Reported-by: syzbot+e5dbaaa238680ce206ea@syzkaller.appspotmail.com
Fixes: 974cb0e3e7 ("tipc: fix uninit-value in tipc_nl_compat_name_table_dump")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/ccd6a7ea801b15aec092c3b532a883b4c5708695.1667594933.git.lucien.xin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-11-07 19:53:40 -08:00
..
addr.c
addr.h
bcast.c
bcast.h
bearer.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
bearer.h
core.c tipc: fix use-after-free Read in tipc_named_reinit 2022-06-17 11:39:10 +01:00
core.h
crypto.c tipc: fix a bit overflow in tipc_crypto_key_rcv() 2022-02-13 12:12:25 +00:00
crypto.h
diag.c
discover.c tipc: Fix recognition of trial period 2022-10-14 08:17:52 +01:00
discover.h
eth_media.c
group.c
group.h
ib_media.c
Kconfig
link.c tipc: fix incorrect order of state message data sanity check 2022-03-08 22:18:42 -08:00
link.h
Makefile
monitor.c tipc: fix shift wrapping bug in map_get() 2022-09-02 12:26:29 +01:00
monitor.h
msg.c
msg.h net: tipc: remove unused static inlines 2022-01-27 13:53:27 +00:00
name_distr.c net/tipc: Remove unused struct distr_queue_item 2022-09-29 18:48:32 -07:00
name_distr.h
name_table.c tipc: cleanup unused function 2022-06-17 11:43:57 +01:00
name_table.h tipc: cleanup unused function 2022-06-17 11:43:57 +01:00
net.c
net.h
netlink_compat.c tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header 2022-11-07 19:53:40 -08:00
netlink.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netlink.h
node.c tipc: move bc link creation back to tipc_node_create 2022-06-27 11:51:56 +01:00
node.h
socket.c treewide: use prandom_u32_max() when possible, part 1 2022-10-11 17:42:55 -06:00
socket.h
subscr.c
subscr.h
sysctl.c
topsrv.c tipc: fix a null-ptr-deref in tipc_topsrv_accept 2022-10-20 21:08:17 -07:00
topsrv.h
trace.c
trace.h
udp_media.c
udp_media.h