From patchwork Wed Apr 11 23:15:48 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jon Maloy <jon.maloy@ericsson.com>
X-Patchwork-Id: 897427
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=ericsson.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=ericsson.com header.i=@ericsson.com
	header.b="StgwCIHV"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 40M0Jx2LwFz9s1l
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 12 Apr 2018 09:16:01 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752253AbeDKXP6 (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 11 Apr 2018 19:15:58 -0400
Received: from sessmg23.ericsson.net ([193.180.251.45]:48299 "EHLO
	sessmg23.ericsson.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751633AbeDKXP5 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 11 Apr 2018 19:15:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801;
	c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1523488555;
	h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type:
	Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
	List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=wm6TG3x2jjBJNKgACcK8AfaUzf6qW4HAc5ViefKAVns=;
	b=StgwCIHV4CH4HJuiowj4tmTl+rJg6K3eOdJuu3LolxoGTvpKk5UHTKjP/bXR+HzF
	svwz8Lhy3kiksq1vIUQ5J3mYCuNA4B/Kc1zS5yQ3F0g/c89WsSxatq8Z3/rA+faJ
	+UlxuY1TGqSMDaKbiGk9VeTjCNNQt7UyOBXHZtB+J8o=;
X-AuditID: c1b4fb2d-e19ff700000073d9-78-5ace972bb9c8
Received: from ESESSHC011.ericsson.se (Unknown_Domain [153.88.183.51])
	by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id
	23.06.29657.B279ECA5; Thu, 12 Apr 2018 01:15:55 +0200 (CEST)
Received: from daly.lab.linux.ericsson.se (10.35.28.123) by
	ESESSHC011.ericsson.se (153.88.183.51) with Microsoft SMTP Server
	(TLS) id 14.3.382.0; Thu, 12 Apr 2018 01:15:54 +0200
From: Jon Maloy <jon.maloy@ericsson.com>
To: <davem@davemloft.net>, <netdev@vger.kernel.org>
CC: <mohan.krishna.ghanta.krishnamurthy@ericsson.com>,
	<tung.q.nguyen@dektech.com.au>, <hoang.h.le@dektech.com.au>,
	<jon.maloy@ericsson.com>, <canh.d.luu@dektech.com.au>,
	<ying.xue@windriver.com>, <tipc-discussion@lists.sourceforge.net>
Subject: [net  1/1] tipc: fix missing initializer in tipc_sendmsg()
Date: Thu, 12 Apr 2018 01:15:48 +0200
Message-ID: <1523488548-28520-1-git-send-email-jon.maloy@ericsson.com>
X-Mailer: git-send-email 2.1.4
MIME-Version: 1.0
X-Originating-IP: [10.35.28.123]
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFtrKLMWRmVeSWpSXmKPExsUyM2K7sa729HNRBv/P6FvcaOhhtphzvoXF
	4u2rWewWxxaIWWw5n2Vxpf0su8Xj69eZHdg9tqy8yeTx7gqbx+4Fn5k8Pm+S81i/ZStTAGsU
	l01Kak5mWWqRvl0CV8bnObNYCqZwVZzff4+lgXEpRxcjB4eEgInEuZllXYxcHEICRxglVraf
	ZIFwtjFKPJ90FMjh5GAT0JB4Oa2DEcQWETCWeLWykwmkiFngE6NEy8pnbCAJYQFnidUL14IV
	sQioSvy4uJYVxOYVcJM4ceEZO4gtISAncf74T2aIuKDEyZlPwBYwC0hIHHzxAiwuJKAsMffD
	NCaIegWJD7OWsU1g5JuFpGUWkpYFjEyrGEWLU4uLc9ONjPVSizKTi4vz8/TyUks2MQID8+CW
	37o7GFe/djzEKMDBqMTD+2DauSgh1sSy4srcQ4wSHMxKIrzttUAh3pTEyqrUovz4otKc1OJD
	jNIcLErivHqr9kQJCaQnlqRmp6YWpBbBZJk4OKUaGDk31Nzbuebk/vnvzGedf9Sc0mTRWBzS
	PGGL6c4dLnH9UjNdpt/+5N+35HFCT8iJX4q/liWad7PMXD//5H9+xTCpD2snCx9iCsv+qu/T
	uVWHkfH4A66a+A0xqy6kpWh27kkxCHX9w/9//U5mxTdKMZdflwrnTtrTcFk3LGqW8xkfa28+
	gzJbayWW4oxEQy3mouJEALoX+3ZIAgAA
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

The stack variable 'dnode' in __tipc_sendmsg() may theoretically
end up tipc_node_get_mtu() as an unitilalized variable.

We fix this by intializing the variable at declaration. We also add
a default else clause to the two conditional ones already there, so
that we never end up in the named function if the given address
type is illegal.

Reported-by: syzbot+b0975ce9355b347c1546@syzkaller.appspotmail.com
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
---
 net/tipc/socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 1fd1c8b..252a52ae 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1278,7 +1278,7 @@ static int __tipc_sendmsg(struct socket *sock, struct msghdr *m, size_t dlen)
 	struct tipc_msg *hdr = &tsk->phdr;
 	struct tipc_name_seq *seq;
 	struct sk_buff_head pkts;
-	u32 dnode, dport;
+	u32 dport, dnode = 0;
 	u32 type, inst;
 	int mtu, rc;
 
@@ -1348,6 +1348,8 @@ static int __tipc_sendmsg(struct socket *sock, struct msghdr *m, size_t dlen)
 		msg_set_destnode(hdr, dnode);
 		msg_set_destport(hdr, dest->addr.id.ref);
 		msg_set_hdr_sz(hdr, BASIC_H_SIZE);
+	} else {
+		return -EINVAL;
 	}
 
 	/* Block or return if destination link is congested */