lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202104160847.Bc8WPzVe-lkp@intel.com>
Date:   Fri, 16 Apr 2021 08:40:03 +0800
From:   kernel test robot <lkp@...el.com>
To:     "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc:     kbuild-all@...ts.01.org,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: [gustavoars-linux:testing/warray-bounds 1/13]
 net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the
 object at 'addr' is out of the bounds of referenced subobject 'v4' with type
 'struct sockaddr_in' at offset 0

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git testing/warray-bounds
head:   8bd0f043b3e94069930bec5cb3fbb5c857748c80
commit: 5f8bd90197ff7ab1cf9f06dd9c594f3636c71297 [1/13] Makefile: Enable -Warray-bounds
config: parisc-randconfig-r016-20210415 (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?id=5f8bd90197ff7ab1cf9f06dd9c594f3636c71297
        git remote add gustavoars-linux https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git
        git fetch --no-tags gustavoars-linux testing/warray-bounds
        git checkout 5f8bd90197ff7ab1cf9f06dd9c594f3636c71297
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross W=1 ARCH=parisc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   In function 'sctp_process_asconf_param',
       inlined from 'sctp_process_asconf' at net/sctp/sm_make_chunk.c:3285:14:
>> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
    3150 |    memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
         |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


vim +3150 net/sctp/sm_make_chunk.c

^1da177e4c3f415 Linus Torvalds          2005-04-16  3026  
^1da177e4c3f415 Linus Torvalds          2005-04-16  3027  /* Process a asconf parameter. */
dbc16db1e58da6c Al Viro                 2006-11-20  3028  static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
^1da177e4c3f415 Linus Torvalds          2005-04-16  3029  					struct sctp_chunk *asconf,
8b32f2348a0441e Xin Long                2017-08-03  3030  					struct sctp_addip_param *asconf_param)
^1da177e4c3f415 Linus Torvalds          2005-04-16  3031  {
327c0dab8d1301c Xin Long                2017-08-11  3032  	union sctp_addr_param *addr_param;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3033  	struct sctp_transport *peer;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3034  	union sctp_addr	addr;
327c0dab8d1301c Xin Long                2017-08-11  3035  	struct sctp_af *af;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3036  
8b32f2348a0441e Xin Long                2017-08-03  3037  	addr_param = (void *)asconf_param + sizeof(*asconf_param);
c1cc678adaa78ae Patrick McHardy         2008-05-13  3038  
44e65c1ef1e771b Wei Yongjun             2009-06-16  3039  	if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
44e65c1ef1e771b Wei Yongjun             2009-06-16  3040  	    asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
44e65c1ef1e771b Wei Yongjun             2009-06-16  3041  	    asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
44e65c1ef1e771b Wei Yongjun             2009-06-16  3042  		return SCTP_ERROR_UNKNOWN_PARAM;
44e65c1ef1e771b Wei Yongjun             2009-06-16  3043  
6a435732accd9e3 Shan Wei                2011-04-18  3044  	switch (addr_param->p.type) {
c4492586a618d18 Wei Yongjun             2008-05-09  3045  	case SCTP_PARAM_IPV6_ADDRESS:
c4492586a618d18 Wei Yongjun             2008-05-09  3046  		if (!asoc->peer.ipv6_address)
945e5abceef8bdb Wei Yongjun             2009-04-16  3047  			return SCTP_ERROR_DNS_FAILED;
c4492586a618d18 Wei Yongjun             2008-05-09  3048  		break;
c4492586a618d18 Wei Yongjun             2008-05-09  3049  	case SCTP_PARAM_IPV4_ADDRESS:
c4492586a618d18 Wei Yongjun             2008-05-09  3050  		if (!asoc->peer.ipv4_address)
945e5abceef8bdb Wei Yongjun             2009-04-16  3051  			return SCTP_ERROR_DNS_FAILED;
c4492586a618d18 Wei Yongjun             2008-05-09  3052  		break;
c4492586a618d18 Wei Yongjun             2008-05-09  3053  	default:
945e5abceef8bdb Wei Yongjun             2009-04-16  3054  		return SCTP_ERROR_DNS_FAILED;
c4492586a618d18 Wei Yongjun             2008-05-09  3055  	}
c4492586a618d18 Wei Yongjun             2008-05-09  3056  
6a435732accd9e3 Shan Wei                2011-04-18  3057  	af = sctp_get_af_specific(param_type2af(addr_param->p.type));
^1da177e4c3f415 Linus Torvalds          2005-04-16  3058  	if (unlikely(!af))
945e5abceef8bdb Wei Yongjun             2009-04-16  3059  		return SCTP_ERROR_DNS_FAILED;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3060  
dd86d136f9feb72 Al Viro                 2006-11-20  3061  	af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3062  
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3063  	/* ADDIP 4.2.1  This parameter MUST NOT contain a broadcast
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3064  	 * or multicast address.
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3065  	 * (note: wildcard is permitted and requires special handling so
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3066  	 *  make sure we check for that)
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3067  	 */
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3068  	if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
945e5abceef8bdb Wei Yongjun             2009-04-16  3069  		return SCTP_ERROR_DNS_FAILED;
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3070  
^1da177e4c3f415 Linus Torvalds          2005-04-16  3071  	switch (asconf_param->param_hdr.type) {
^1da177e4c3f415 Linus Torvalds          2005-04-16  3072  	case SCTP_PARAM_ADD_IP:
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3073  		/* Section 4.2.1:
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3074  		 * If the address 0.0.0.0 or ::0 is provided, the source
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3075  		 * address of the packet MUST be added.
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3076  		 */
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3077  		if (af->is_any(&addr))
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3078  			memcpy(&addr, &asconf->source, sizeof(addr));
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3079  
2277c7cd75e3978 Richard Haines          2018-02-13  3080  		if (security_sctp_bind_connect(asoc->ep->base.sk,
2277c7cd75e3978 Richard Haines          2018-02-13  3081  					       SCTP_PARAM_ADD_IP,
2277c7cd75e3978 Richard Haines          2018-02-13  3082  					       (struct sockaddr *)&addr,
2277c7cd75e3978 Richard Haines          2018-02-13  3083  					       af->sockaddr_len))
2277c7cd75e3978 Richard Haines          2018-02-13  3084  			return SCTP_ERROR_REQ_REFUSED;
2277c7cd75e3978 Richard Haines          2018-02-13  3085  
^1da177e4c3f415 Linus Torvalds          2005-04-16  3086  		/* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
^1da177e4c3f415 Linus Torvalds          2005-04-16  3087  		 * request and does not have the local resources to add this
^1da177e4c3f415 Linus Torvalds          2005-04-16  3088  		 * new address to the association, it MUST return an Error
^1da177e4c3f415 Linus Torvalds          2005-04-16  3089  		 * Cause TLV set to the new error code 'Operation Refused
^1da177e4c3f415 Linus Torvalds          2005-04-16  3090  		 * Due to Resource Shortage'.
^1da177e4c3f415 Linus Torvalds          2005-04-16  3091  		 */
^1da177e4c3f415 Linus Torvalds          2005-04-16  3092  
dd86d136f9feb72 Al Viro                 2006-11-20  3093  		peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
^1da177e4c3f415 Linus Torvalds          2005-04-16  3094  		if (!peer)
^1da177e4c3f415 Linus Torvalds          2005-04-16  3095  			return SCTP_ERROR_RSRC_LOW;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3096  
^1da177e4c3f415 Linus Torvalds          2005-04-16  3097  		/* Start the heartbeat timer. */
ba6f5e33bdbb9ed Marcelo Ricardo Leitner 2016-04-06  3098  		sctp_transport_reset_hb_timer(peer);
6af29ccc223b0fe Michio Honda            2011-06-16  3099  		asoc->new_transport = peer;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3100  		break;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3101  	case SCTP_PARAM_DEL_IP:
^1da177e4c3f415 Linus Torvalds          2005-04-16  3102  		/* ADDIP 4.3 D7) If a request is received to delete the
^1da177e4c3f415 Linus Torvalds          2005-04-16  3103  		 * last remaining IP address of a peer endpoint, the receiver
^1da177e4c3f415 Linus Torvalds          2005-04-16  3104  		 * MUST send an Error Cause TLV with the error cause set to the
^1da177e4c3f415 Linus Torvalds          2005-04-16  3105  		 * new error code 'Request to Delete Last Remaining IP Address'.
^1da177e4c3f415 Linus Torvalds          2005-04-16  3106  		 */
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3107  		if (asoc->peer.transport_count == 1)
^1da177e4c3f415 Linus Torvalds          2005-04-16  3108  			return SCTP_ERROR_DEL_LAST_IP;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3109  
^1da177e4c3f415 Linus Torvalds          2005-04-16  3110  		/* ADDIP 4.3 D8) If a request is received to delete an IP
^1da177e4c3f415 Linus Torvalds          2005-04-16  3111  		 * address which is also the source address of the IP packet
^1da177e4c3f415 Linus Torvalds          2005-04-16  3112  		 * which contained the ASCONF chunk, the receiver MUST reject
^1da177e4c3f415 Linus Torvalds          2005-04-16  3113  		 * this request. To reject the request the receiver MUST send
^1da177e4c3f415 Linus Torvalds          2005-04-16  3114  		 * an Error Cause TLV set to the new error code 'Request to
^1da177e4c3f415 Linus Torvalds          2005-04-16  3115  		 * Delete Source IP Address'
^1da177e4c3f415 Linus Torvalds          2005-04-16  3116  		 */
b1364104e37c9d8 Michio Honda            2011-04-26  3117  		if (sctp_cmp_addr_exact(&asconf->source, &addr))
^1da177e4c3f415 Linus Torvalds          2005-04-16  3118  			return SCTP_ERROR_DEL_SRC_IP;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3119  
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3120  		/* Section 4.2.2
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3121  		 * If the address 0.0.0.0 or ::0 is provided, all
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3122  		 * addresses of the peer except	the source address of the
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3123  		 * packet MUST be deleted.
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3124  		 */
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3125  		if (af->is_any(&addr)) {
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3126  			sctp_assoc_set_primary(asoc, asconf->transport);
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3127  			sctp_assoc_del_nonprimary_peers(asoc,
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3128  							asconf->transport);
7c5a9461812b21e lucien                  2015-08-28  3129  			return SCTP_ERROR_NO_ERROR;
7c5a9461812b21e lucien                  2015-08-28  3130  		}
7c5a9461812b21e lucien                  2015-08-28  3131  
7c5a9461812b21e lucien                  2015-08-28  3132  		/* If the address is not part of the association, the
7c5a9461812b21e lucien                  2015-08-28  3133  		 * ASCONF-ACK with Error Cause Indication Parameter
7c5a9461812b21e lucien                  2015-08-28  3134  		 * which including cause of Unresolvable Address should
7c5a9461812b21e lucien                  2015-08-28  3135  		 * be sent.
7c5a9461812b21e lucien                  2015-08-28  3136  		 */
7c5a9461812b21e lucien                  2015-08-28  3137  		peer = sctp_assoc_lookup_paddr(asoc, &addr);
7c5a9461812b21e lucien                  2015-08-28  3138  		if (!peer)
7c5a9461812b21e lucien                  2015-08-28  3139  			return SCTP_ERROR_DNS_FAILED;
7c5a9461812b21e lucien                  2015-08-28  3140  
7c5a9461812b21e lucien                  2015-08-28  3141  		sctp_assoc_rm_peer(asoc, peer);
^1da177e4c3f415 Linus Torvalds          2005-04-16  3142  		break;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3143  	case SCTP_PARAM_SET_PRIMARY:
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3144  		/* ADDIP Section 4.2.4
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3145  		 * If the address 0.0.0.0 or ::0 is provided, the receiver
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3146  		 * MAY mark the source address of the packet as its
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3147  		 * primary.
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3148  		 */
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3149  		if (af->is_any(&addr))
42e30bf3463cd37 Vlad Yasevich           2007-12-20 @3150  			memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
42e30bf3463cd37 Vlad Yasevich           2007-12-20  3151  
2277c7cd75e3978 Richard Haines          2018-02-13  3152  		if (security_sctp_bind_connect(asoc->ep->base.sk,
2277c7cd75e3978 Richard Haines          2018-02-13  3153  					       SCTP_PARAM_SET_PRIMARY,
2277c7cd75e3978 Richard Haines          2018-02-13  3154  					       (struct sockaddr *)&addr,
2277c7cd75e3978 Richard Haines          2018-02-13  3155  					       af->sockaddr_len))
2277c7cd75e3978 Richard Haines          2018-02-13  3156  			return SCTP_ERROR_REQ_REFUSED;
2277c7cd75e3978 Richard Haines          2018-02-13  3157  
dd86d136f9feb72 Al Viro                 2006-11-20  3158  		peer = sctp_assoc_lookup_paddr(asoc, &addr);
^1da177e4c3f415 Linus Torvalds          2005-04-16  3159  		if (!peer)
945e5abceef8bdb Wei Yongjun             2009-04-16  3160  			return SCTP_ERROR_DNS_FAILED;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3161  
^1da177e4c3f415 Linus Torvalds          2005-04-16  3162  		sctp_assoc_set_primary(asoc, peer);
^1da177e4c3f415 Linus Torvalds          2005-04-16  3163  		break;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3164  	}
^1da177e4c3f415 Linus Torvalds          2005-04-16  3165  
^1da177e4c3f415 Linus Torvalds          2005-04-16  3166  	return SCTP_ERROR_NO_ERROR;
^1da177e4c3f415 Linus Torvalds          2005-04-16  3167  }
^1da177e4c3f415 Linus Torvalds          2005-04-16  3168  

:::::: The code at line 3150 was first introduced by commit
:::::: 42e30bf3463cd37d73839376662cb79b4d5c416c [SCTP]: Handle the wildcard ADD-IP Address parameter

:::::: TO: Vlad Yasevich <vladislav.yasevich@...com>
:::::: CC: David S. Miller <davem@...emloft.net>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (24949 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ