Re: KASAN: stack-out-of-bounds Read in __nla_put

From: David Ahern
Date: Wed Jan 17 2018 - 11:59:14 EST

Next message: Marcin Wojtas: "[net-next: PATCH v3 7/7] net: mvpp2: enable ACPI support in the driver"
Previous message: Mathieu Desnoyers: "[PATCH for 4.16 05/11] membarrier: selftest: Test global expedited cmd (v2)"
In reply to: Xin Long: "Re: KASAN: stack-out-of-bounds Read in __nla_put"
Next in thread: Xin Long: "Re: KASAN: stack-out-of-bounds Read in __nla_put"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/17/18 2:39 AM, Xin Long wrote:
> I guess you need to move up your memset(0) a little bit:
>
> @@ -2427,6 +2443,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int
> (*cb)(struct sk_buff *,
> nlh = nlmsg_hdr(skb);
> err = 0;
>
> + memset(&extack, 0, sizeof(extack));
> if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
> return 0;
>
> @@ -2438,7 +2455,6 @@ int netlink_rcv_skb(struct sk_buff *skb, int
> (*cb)(struct sk_buff *,
> if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
> goto ack;
>
> - memset(&extack, 0, sizeof(extack));
> err = cb(skb, nlh, &extack);
>
> So that 'goto ack's won't skip it. :-)
>

you are correct. Can you submit a patch to do that?

Next message: Marcin Wojtas: "[net-next: PATCH v3 7/7] net: mvpp2: enable ACPI support in the driver"
Previous message: Mathieu Desnoyers: "[PATCH for 4.16 05/11] membarrier: selftest: Test global expedited cmd (v2)"
In reply to: Xin Long: "Re: KASAN: stack-out-of-bounds Read in __nla_put"
Next in thread: Xin Long: "Re: KASAN: stack-out-of-bounds Read in __nla_put"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]