Re: [PATCH] net/packet: initialize val in packet_getsockopt()

From: David Miller
Date: Thu Apr 20 2017 - 15:56:28 EST


From: Alexander Potapenko <glider@xxxxxxxxxx>
Date: Tue, 18 Apr 2017 19:47:08 +0200

> In the case getsockopt() is called with PACKET_HDRLEN and zero length,
> |val| remains uninitialized and the syscall may behave differently
> depending on its value. This doesn't have security consequences (as the
> uninit bytes aren't copied back), but it's still cleaner to initialize
> |val|.
>
> This bug has been detected with KMSAN.
>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>

Copying into an 'int' only 1, 2, or 3 bytes is not going to work
properly.

Either enforce that it must be 4 bytes long, or handle the smaller
sizes properly such that it will work regardless of endianness.

Thanks.
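
The objection in the reply above, as an added example that is not part of the original thread and not the kernel's code: a user-space model of reading an `int` option value from a caller-supplied buffer of `len` bytes. The function names and the `stale` parameter (standing in for whatever the variable held before the copy) are assumptions made for illustration, and the widening variant is only one possible reading of "handle the smaller sizes properly".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Lenient form: clamp len and copy that many bytes over an int. `stale`
 * models the previous contents of the variable (uninitialized stack in the
 * real case). */
int read_opt_partial(const unsigned char *optval, size_t len, int stale)
{
    int val = stale;
    if (len > sizeof(val))
        len = sizeof(val);
    memcpy(&val, optval, len); /* only the first len bytes in memory change */
    return val;
}

/* First option from the reply: require a full int. */
int read_opt_strict(const unsigned char *optval, size_t len, int *out)
{
    if (len < sizeof(*out))
        return -EINVAL;
    memcpy(out, optval, sizeof(*out));
    return 0;
}

/* Second option (one reading): load 1- and 2-byte values at their own width
 * and zero-extend, so the result does not depend on byte order. */
int read_opt_widen(const unsigned char *optval, size_t len, int *out)
{
    unsigned short s;
    if (len >= sizeof(*out)) {
        memcpy(out, optval, sizeof(*out));
    } else if (len == sizeof(s)) {
        memcpy(&s, optval, sizeof(s));
        *out = s;
    } else if (len == 1) {
        *out = optval[0];
    } else {
        return -EINVAL; /* e.g. 3 bytes: no integer type of that width */
    }
    return 0;
}

int main(void)
{
    const unsigned char one[1] = { 1 }; /* constructed input: value 1 in 1 byte */
    int v = 0, rc = read_opt_widen(one, 1, &v);
    printf("partial: %#x (stale 0) vs %#x (stale -1)\n",
           (unsigned)read_opt_partial(one, 1, 0), (unsigned)read_opt_partial(one, 1, -1));
    printf("strict rc=%d; widen rc=%d v=%d\n", read_opt_strict(one, 1, &v), rc, v);
    return 0;
}
```

With a zeroed variable the lenient form yields 1 on a little-endian machine and 0x01000000 on a big-endian one; with stale contents it yields neither.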