Re: [PATCH net] net: af_key: zero aligned sockaddr tail in PF_KEY exports
From: Steffen Klassert
Date: Wed Apr 08 2026 - 05:34:37 EST

On Sun, Mar 22, 2026 at 11:46:08AM -0700, Zhengchuan Liang wrote:
> PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr
> payload space, so IPv6 addresses occupy 32 bytes on the wire. However,
> `pfkey_sockaddr_fill()` initializes only the first 28 bytes of
> `struct sockaddr_in6`, leaving the final 4 aligned bytes uninitialized.
>
> Not every PF_KEY message is affected. The state and policy dump builders
> already zero the whole message buffer before filling the sockaddr
> payloads. Keep the fix to the export paths that still append aligned
> sockaddr payloads with plain `skb_put()`:
>
> - `SADB_ACQUIRE`
> - `SADB_X_NAT_T_NEW_MAPPING`
> - `SADB_X_MIGRATE`
>
> Fix those paths by clearing only the aligned sockaddr tail after
> `pfkey_sockaddr_fill()`.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Fixes: 08de61beab8a ("[PFKEYV2]: Extension for dynamic update of endpoint address(es)")
> Reported-by: Yifan Wu <yifanwucs@xxxxxxxxx>
> Reported-by: Juefei Pu <tomapufckgml@xxxxxxxxx>
> Co-developed-by: Yuan Tan <yuantan098@xxxxxxxxx>
> Signed-off-by: Yuan Tan <yuantan098@xxxxxxxxx>
> Suggested-by: Xin Liu <bird@xxxxxxxxxx>
> Tested-by: Xiao Liu <lx24@xxxxxxxxxxxxxx>
> Signed-off-by: Zhengchuan Liang <zcliangcn@xxxxxxxxx>

Applied, thanks a lot!
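
The padding gap described in the quoted commit message, modelled in userspace as an added example (not code from the patch or from the kernel tree). The `model_*` and `export_sockaddr` names and the `0xAA` stale-memory marker are constructed for illustration, and a Linux `struct sockaddr_in6` of 28 bytes is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define STALE 0xAA /* constructed marker standing in for old heap contents */

/* Unpadded sockaddr length for the family, 0 if unsupported. */
static size_t model_sockaddr_len(int family)
{
    switch (family) {
    case AF_INET:  return sizeof(struct sockaddr_in);
    case AF_INET6: return sizeof(struct sockaddr_in6);
    }
    return 0;
}

/* Reserved payload size: length rounded up to a multiple of 8 bytes. */
static size_t model_sockaddr_size(int family)
{
    return (model_sockaddr_len(family) + 7) & ~(size_t)7;
}

/* Build one sockaddr payload in a dirty buffer and return how many stale
 * bytes remain inside the reserved (exported) region. */
static size_t export_sockaddr(int family, int zero_tail)
{
    struct sockaddr_in6 sa6 = { .sin6_family = AF_INET6 };
    struct sockaddr_in sa4 = { .sin_family = AF_INET };
    const void *src = family == AF_INET6 ? (const void *)&sa6 : (const void *)&sa4;
    size_t len = model_sockaddr_len(family), size = model_sockaddr_size(family);
    size_t i, stale = 0;
    uint8_t buf[64];
    memset(buf, STALE, sizeof(buf));      /* reserved space is not cleared */
    memcpy(buf, src, len);                /* fill step writes only len bytes */
    if (zero_tail)
        memset(buf + len, 0, size - len); /* the fix: clear the aligned tail */
    for (i = 0; i < size; i++)
        stale += (buf[i] == STALE);
    return stale;
}

int main(void)
{
    printf("IPv6 unfixed: %zu stale bytes\n", export_sockaddr(AF_INET6, 0));
    printf("IPv6 fixed:   %zu stale bytes\n", export_sockaddr(AF_INET6, 1));
    printf("IPv4 unfixed: %zu stale bytes\n", export_sockaddr(AF_INET, 0));
    return 0;
}
```

In this model `struct sockaddr_in` is 16 bytes, already a multiple of 8, so the IPv4 payload has no tail to clear.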