Re: KASAN: stack-out-of-bounds Read in __nla_put

From: David Ahern
Date: Wed Jan 17 2018 - 11:59:14 EST


On 1/17/18 2:39 AM, Xin Long wrote:
> I guess you need to move up your memset(0) a little bit:
>
> @@ -2427,6 +2443,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int
> (*cb)(struct sk_buff *,
> nlh = nlmsg_hdr(skb);
> err = 0;
>
> + memset(&extack, 0, sizeof(extack));
> if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
> return 0;
>
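Review bot: the memset now precedes the `nlmsg_len` sanity check, so the early `return 0` zeroes a struct it never reads; that is harmless, but a one-line comment above `memset(&extack, 0, sizeof(extack));` saying it must stay ahead of every `goto ack` would stop a later reordering from reintroducing the uninitialised-stack read that the KASAN report in the subject points at.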
> @@ -2438,7 +2455,6 @@ int netlink_rcv_skb(struct sk_buff *skb, int
> (*cb)(struct sk_buff *,
> if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
> goto ack;
>
> - memset(&extack, 0, sizeof(extack));
> err = cb(skb, nlh, &extack);
>
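Review bot: dropping this memset is only safe if nothing between the first hunk and `err = cb(skb, nlh, &extack);` stores into `extack`; the visible context shows only the `nlmsg_type` check, so that holds here. The commit message should describe the actual defect (the `goto ack` paths reached the acknowledgement with `extack` never initialised) rather than just "move the memset", so the motivation is clear to anyone reading the log later.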
> So that 'goto ack's won't skip it. :-)
>

You are correct. Can you submit a patch to do that?