From patchwork Fri Mar 23 12:49:02 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Potapenko
X-Patchwork-Id: 889974
X-Patchwork-Delegate: davem@davemloft.net
From: Alexander Potapenko
To: dvyukov@google.com, edumazet@google.com, davem@davemloft.net
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] netlink: make sure nladdr has correct size in netlink_connect()
Date: Fri, 23 Mar 2018 13:49:02 +0100
Message-Id: <20180323124902.41625-1-glider@google.com>
X-Mailer: git-send-email 2.17.0.rc0.231.g781580f067-goog
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

KMSAN reports use of uninitialized memory in the case when |alen| is
smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't
fully copied from the userspace.

Signed-off-by: Alexander Potapenko
Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2")
Reviewed-by: Eric Dumazet
---
v2: fixed a typo spotted by Eric Dumazet
---
 net/netlink/af_netlink.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 07e8478068f0..70c455341243 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1085,6 +1085,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, if (addr->sa_family != AF_NETLINK) return -EINVAL; + if (alen < sizeof(struct sockaddr_nl)) + return -EINVAL; + if ((nladdr->nl_groups || nladdr->nl_pid) && !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) return -EPERM;
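
Review bot: the new alen < sizeof(struct sockaddr_nl) check is placed after the addr->sa_family != AF_NETLINK test shown in the context, so the family field is still read before the length is validated. Unless a check outside this hunk already guarantees that alen covers sa_family, move the size check above the family test so that no field of the address is inspected until its length is known. It is also worth confirming the type of alen, whose declaration is cut off in the hunk header: if it is a signed int, the comparison against the size_t produced by sizeof converts a negative alen to a large unsigned value that passes this check, so an explicit negative check or a cast would make the intent clear. The commit message could name the fields that end up read uninitialized; from the condition right after the new check these are nl_groups and nl_pid.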