linux/net/tipc
Xin Long f31dd15858 tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
[ Upstream commit 1c075b192f ]

This is a follow-up for commit 974cb0e3e7 ("tipc: fix uninit-value
in tipc_nl_compat_name_table_dump") where it should have type cast
sizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative
value.

syzbot reported a call trace because of it:

  BUG: KMSAN: uninit-value in ...
   tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934
   __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238
   tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321
   tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324
   genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
   genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
   genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792
   netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501
   genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803
   netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
   netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345
   netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921
   sock_sendmsg_nosec net/socket.c:714 [inline]
   sock_sendmsg net/socket.c:734 [inline]

Reported-by: syzbot+e5dbaaa238680ce206ea@syzkaller.appspotmail.com
Fixes: 974cb0e3e7 ("tipc: fix uninit-value in tipc_nl_compat_name_table_dump")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/ccd6a7ea801b15aec092c3b532a883b4c5708695.1667594933.git.lucien.xin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-11-16 09:57:11 +01:00
addr.c
addr.h
bcast.c net: tipc: fix FB_MTU eat two pages 2021-07-14 16:56:32 +02:00
bcast.h tipc: update a binding service via broadcast 2020-06-17 08:53:34 -07:00
bearer.c tipc: check attribute length for bearer name 2022-06-14 18:32:37 +02:00
bearer.h tipc: introduce variable window congestion control 2019-12-10 17:31:15 -08:00
core.c tipc: fix use-after-free Read in tipc_named_reinit 2022-06-29 08:59:47 +02:00
core.h tipc: simplify the finalize work queue 2022-06-29 08:59:47 +02:00
crypto.c tipc: fix a bit overflow in tipc_crypto_key_rcv() 2022-03-08 19:09:29 +01:00
crypto.h tipc: add automatic rekeying for encryption key 2020-09-18 13:58:37 -07:00
diag.c
discover.c tipc: Fix recognition of trial period 2022-10-30 09:41:16 +01:00
discover.h
eth_media.c tipc: Use is_broadcast_ether_addr() instead of memcmp() 2020-08-03 16:21:46 -07:00
group.c tipc: Fix memory leak in tipc_group_create_member() 2020-09-14 16:36:20 -07:00
group.h
ib_media.c tipc: introduce variable window congestion control 2019-12-10 17:31:15 -08:00
Kconfig tipc: not enable tipc when ipv6 works as a module 2020-08-16 21:04:55 -07:00
link.c tipc: simplify the finalize work queue 2022-06-29 08:59:47 +02:00
link.h tipc: simplify the finalize work queue 2022-06-29 08:59:47 +02:00
Makefile tipc: remove meaningless assignment in Makefile 2020-01-08 12:38:54 -08:00
monitor.c tipc: fix shift wrapping bug in map_get() 2022-09-15 11:32:05 +02:00
monitor.h
msg.c net: tipc: fix FB_MTU eat two pages 2021-07-14 16:56:32 +02:00
msg.h net: tipc: fix FB_MTU eat two pages 2021-07-14 16:56:32 +02:00
name_distr.c tipc: rate limit warning for received illegal binding update 2022-02-16 12:54:26 +01:00
name_distr.h tipc: update a binding service via broadcast 2020-06-17 08:53:34 -07:00
name_table.c tipc: Fix end of loop tests for list_for_each_entry() 2022-03-02 11:42:49 +01:00
name_table.h tipc: update a binding service via broadcast 2020-06-17 08:53:34 -07:00
net.c tipc: simplify the finalize work queue 2022-06-29 08:59:47 +02:00
net.h tipc: fix a deadlock when flushing scheduled work 2020-09-07 12:08:53 -07:00
netlink_compat.c tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header 2022-11-16 09:57:11 +01:00
netlink.c tipc: add automatic rekeying for encryption key 2020-09-18 13:58:37 -07:00
netlink.h
node.c tipc: move bc link creation back to tipc_node_create 2022-07-07 17:52:18 +02:00
node.h tipc: add automatic session key exchange 2020-09-18 13:58:37 -07:00
socket.c net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-31 17:15:19 +02:00
socket.h tipc: call tsk_set_importance from tipc_topsrv_create_listener 2020-05-28 11:11:46 -07:00
subscr.c
subscr.h tipc: fix failed service subscription deletion 2020-05-13 12:33:19 -07:00
sysctl.c tipc: add automatic session key exchange 2020-09-18 13:58:37 -07:00
topsrv.c tipc: fix a null-ptr-deref in tipc_topsrv_accept 2022-11-03 23:57:51 +09:00
topsrv.h
trace.c
trace.h tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
udp_media.c tipc: wait and exit until all work queues are done 2021-06-03 09:00:37 +02:00
udp_media.h