Re: [PATCH v2] net/packet: initialize val in packet_getsockopt()
From: David Miller
Date: Tue Apr 25 2017 - 11:44:54 EST

From: Alexander Potapenko <glider@xxxxxxxxxx>
Date: Mon, 24 Apr 2017 14:59:14 +0200
> In the case getsockopt() is called with PACKET_HDRLEN and optlen < 4
> |val| remains uninitialized and the syscall may behave differently
> depending on its value. This doesn't have security consequences (as the
> uninit bytes aren't copied back), but it's still cleaner to initialize
> |val| and ensure optlen is not less than sizeof(int).
>
> This bug has been detected with KMSAN.
>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
> ---
> v2: - if len < sizeof(int), make it 0

No, you should signal an error if the len is too small.
Returning zero bytes to userspace silently makes the user think that
he got the data he asked for.
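
The two ways of handling a short optlen discussed in this thread, as an added example that is not taken from the patch or from the kernel source: a user-space model in which memcpy() stands in for copy_from_user()/copy_to_user(). The function names, the MODEL_* constants and the header lengths 32 and 48 are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not the kernel's version constants or header sizes. */
enum { MODEL_V1 = 0, MODEL_V2 = 1 };

/* Shared tail: read the version from the caller's buffer, write the length back. */
static int model_lookup(void *optval, int *optlen, int len)
{
    int val = 0; /* initialized, so a short copy cannot leave garbage in it */
    if (len > (int)sizeof(int))
        len = (int)sizeof(int);
    memcpy(&val, optval, (size_t)len);  /* stands in for copy_from_user() */
    if (val != MODEL_V1 && val != MODEL_V2)
        return -EINVAL;
    val = (val == MODEL_V1) ? 32 : 48;  /* constructed header lengths */
    memcpy(optval, &val, (size_t)len);  /* stands in for copy_to_user() */
    *optlen = len;
    return 0;
}

/* Short buffer as in the v2 changelog: len becomes 0 and the call succeeds. */
int hdrlen_silent(void *optval, int *optlen)
{
    return model_lookup(optval, optlen, *optlen < (int)sizeof(int) ? 0 : *optlen);
}

/* Short buffer as the reply asks: the caller gets an error. */
int hdrlen_strict(void *optval, int *optlen)
{
    if (*optlen < (int)sizeof(int))
        return -EINVAL;
    return model_lookup(optval, optlen, *optlen);
}

/* One call on a constructed buffer: returns rc on error, else bytes written. */
int demo(int (*fn)(void *, int *), int version, int optlen)
{
    int buf = version;
    int rc = fn(&buf, &optlen);
    return rc ? rc : optlen;
}

int main(void)
{
    printf("silent/2=%d strict/2=%d strict/4=%d\n", demo(hdrlen_silent, MODEL_V2, 2),
           demo(hdrlen_strict, MODEL_V2, 2), demo(hdrlen_strict, MODEL_V2, 4));
    return 0;
}
```

With optlen=2 the silent variant reports success with zero bytes written, having looked up version 0 instead of the version the caller put in the buffer, while the strict variant returns -EINVAL.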