| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Apr 2021 08:40:03 +0800
From: kernel test robot <lkp@...el.com>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: kbuild-all@...ts.01.org,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: [gustavoars-linux:testing/warray-bounds 1/13]
net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the
object at 'addr' is out of the bounds of referenced subobject 'v4' with type
'struct sockaddr_in' at offset 0
tree: https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git testing/warray-bounds
head: 8bd0f043b3e94069930bec5cb3fbb5c857748c80
commit: 5f8bd90197ff7ab1cf9f06dd9c594f3636c71297 [1/13] Makefile: Enable -Warray-bounds
config: parisc-randconfig-r016-20210415 (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?id=5f8bd90197ff7ab1cf9f06dd9c594f3636c71297
git remote add gustavoars-linux https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git
git fetch --no-tags gustavoars-linux testing/warray-bounds
git checkout 5f8bd90197ff7ab1cf9f06dd9c594f3636c71297
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross W=1 ARCH=parisc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
All warnings (new ones prefixed by >>):
In function 'sctp_process_asconf_param',
inlined from 'sctp_process_asconf' at net/sctp/sm_make_chunk.c:3285:14:
>> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
3150 | memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +3150 net/sctp/sm_make_chunk.c
^1da177e4c3f415 Linus Torvalds 2005-04-16 3026
^1da177e4c3f415 Linus Torvalds 2005-04-16 3027 /* Process a asconf parameter. */
dbc16db1e58da6c Al Viro 2006-11-20 3028 static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
^1da177e4c3f415 Linus Torvalds 2005-04-16 3029 struct sctp_chunk *asconf,
8b32f2348a0441e Xin Long 2017-08-03 3030 struct sctp_addip_param *asconf_param)
^1da177e4c3f415 Linus Torvalds 2005-04-16 3031 {
327c0dab8d1301c Xin Long 2017-08-11 3032 union sctp_addr_param *addr_param;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3033 struct sctp_transport *peer;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3034 union sctp_addr addr;
327c0dab8d1301c Xin Long 2017-08-11 3035 struct sctp_af *af;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3036
8b32f2348a0441e Xin Long 2017-08-03 3037 addr_param = (void *)asconf_param + sizeof(*asconf_param);
c1cc678adaa78ae Patrick McHardy 2008-05-13 3038
44e65c1ef1e771b Wei Yongjun 2009-06-16 3039 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
44e65c1ef1e771b Wei Yongjun 2009-06-16 3040 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
44e65c1ef1e771b Wei Yongjun 2009-06-16 3041 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
44e65c1ef1e771b Wei Yongjun 2009-06-16 3042 return SCTP_ERROR_UNKNOWN_PARAM;
44e65c1ef1e771b Wei Yongjun 2009-06-16 3043
6a435732accd9e3 Shan Wei 2011-04-18 3044 switch (addr_param->p.type) {
c4492586a618d18 Wei Yongjun 2008-05-09 3045 case SCTP_PARAM_IPV6_ADDRESS:
c4492586a618d18 Wei Yongjun 2008-05-09 3046 if (!asoc->peer.ipv6_address)
945e5abceef8bdb Wei Yongjun 2009-04-16 3047 return SCTP_ERROR_DNS_FAILED;
c4492586a618d18 Wei Yongjun 2008-05-09 3048 break;
c4492586a618d18 Wei Yongjun 2008-05-09 3049 case SCTP_PARAM_IPV4_ADDRESS:
c4492586a618d18 Wei Yongjun 2008-05-09 3050 if (!asoc->peer.ipv4_address)
945e5abceef8bdb Wei Yongjun 2009-04-16 3051 return SCTP_ERROR_DNS_FAILED;
c4492586a618d18 Wei Yongjun 2008-05-09 3052 break;
c4492586a618d18 Wei Yongjun 2008-05-09 3053 default:
945e5abceef8bdb Wei Yongjun 2009-04-16 3054 return SCTP_ERROR_DNS_FAILED;
c4492586a618d18 Wei Yongjun 2008-05-09 3055 }
c4492586a618d18 Wei Yongjun 2008-05-09 3056
6a435732accd9e3 Shan Wei 2011-04-18 3057 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
^1da177e4c3f415 Linus Torvalds 2005-04-16 3058 if (unlikely(!af))
945e5abceef8bdb Wei Yongjun 2009-04-16 3059 return SCTP_ERROR_DNS_FAILED;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3060
dd86d136f9feb72 Al Viro 2006-11-20 3061 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3062
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3063 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3064 * or multicast address.
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3065 * (note: wildcard is permitted and requires special handling so
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3066 * make sure we check for that)
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3067 */
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3068 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
945e5abceef8bdb Wei Yongjun 2009-04-16 3069 return SCTP_ERROR_DNS_FAILED;
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3070
^1da177e4c3f415 Linus Torvalds 2005-04-16 3071 switch (asconf_param->param_hdr.type) {
^1da177e4c3f415 Linus Torvalds 2005-04-16 3072 case SCTP_PARAM_ADD_IP:
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3073 /* Section 4.2.1:
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3074 * If the address 0.0.0.0 or ::0 is provided, the source
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3075 * address of the packet MUST be added.
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3076 */
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3077 if (af->is_any(&addr))
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3078 memcpy(&addr, &asconf->source, sizeof(addr));
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3079
2277c7cd75e3978 Richard Haines 2018-02-13 3080 if (security_sctp_bind_connect(asoc->ep->base.sk,
2277c7cd75e3978 Richard Haines 2018-02-13 3081 SCTP_PARAM_ADD_IP,
2277c7cd75e3978 Richard Haines 2018-02-13 3082 (struct sockaddr *)&addr,
2277c7cd75e3978 Richard Haines 2018-02-13 3083 af->sockaddr_len))
2277c7cd75e3978 Richard Haines 2018-02-13 3084 return SCTP_ERROR_REQ_REFUSED;
2277c7cd75e3978 Richard Haines 2018-02-13 3085
^1da177e4c3f415 Linus Torvalds 2005-04-16 3086 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
^1da177e4c3f415 Linus Torvalds 2005-04-16 3087 * request and does not have the local resources to add this
^1da177e4c3f415 Linus Torvalds 2005-04-16 3088 * new address to the association, it MUST return an Error
^1da177e4c3f415 Linus Torvalds 2005-04-16 3089 * Cause TLV set to the new error code 'Operation Refused
^1da177e4c3f415 Linus Torvalds 2005-04-16 3090 * Due to Resource Shortage'.
^1da177e4c3f415 Linus Torvalds 2005-04-16 3091 */
^1da177e4c3f415 Linus Torvalds 2005-04-16 3092
dd86d136f9feb72 Al Viro 2006-11-20 3093 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
^1da177e4c3f415 Linus Torvalds 2005-04-16 3094 if (!peer)
^1da177e4c3f415 Linus Torvalds 2005-04-16 3095 return SCTP_ERROR_RSRC_LOW;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3096
^1da177e4c3f415 Linus Torvalds 2005-04-16 3097 /* Start the heartbeat timer. */
ba6f5e33bdbb9ed Marcelo Ricardo Leitner 2016-04-06 3098 sctp_transport_reset_hb_timer(peer);
6af29ccc223b0fe Michio Honda 2011-06-16 3099 asoc->new_transport = peer;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3100 break;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3101 case SCTP_PARAM_DEL_IP:
^1da177e4c3f415 Linus Torvalds 2005-04-16 3102 /* ADDIP 4.3 D7) If a request is received to delete the
^1da177e4c3f415 Linus Torvalds 2005-04-16 3103 * last remaining IP address of a peer endpoint, the receiver
^1da177e4c3f415 Linus Torvalds 2005-04-16 3104 * MUST send an Error Cause TLV with the error cause set to the
^1da177e4c3f415 Linus Torvalds 2005-04-16 3105 * new error code 'Request to Delete Last Remaining IP Address'.
^1da177e4c3f415 Linus Torvalds 2005-04-16 3106 */
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3107 if (asoc->peer.transport_count == 1)
^1da177e4c3f415 Linus Torvalds 2005-04-16 3108 return SCTP_ERROR_DEL_LAST_IP;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3109
^1da177e4c3f415 Linus Torvalds 2005-04-16 3110 /* ADDIP 4.3 D8) If a request is received to delete an IP
^1da177e4c3f415 Linus Torvalds 2005-04-16 3111 * address which is also the source address of the IP packet
^1da177e4c3f415 Linus Torvalds 2005-04-16 3112 * which contained the ASCONF chunk, the receiver MUST reject
^1da177e4c3f415 Linus Torvalds 2005-04-16 3113 * this request. To reject the request the receiver MUST send
^1da177e4c3f415 Linus Torvalds 2005-04-16 3114 * an Error Cause TLV set to the new error code 'Request to
^1da177e4c3f415 Linus Torvalds 2005-04-16 3115 * Delete Source IP Address'
^1da177e4c3f415 Linus Torvalds 2005-04-16 3116 */
b1364104e37c9d8 Michio Honda 2011-04-26 3117 if (sctp_cmp_addr_exact(&asconf->source, &addr))
^1da177e4c3f415 Linus Torvalds 2005-04-16 3118 return SCTP_ERROR_DEL_SRC_IP;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3119
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3120 /* Section 4.2.2
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3121 * If the address 0.0.0.0 or ::0 is provided, all
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3122 * addresses of the peer except the source address of the
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3123 * packet MUST be deleted.
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3124 */
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3125 if (af->is_any(&addr)) {
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3126 sctp_assoc_set_primary(asoc, asconf->transport);
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3127 sctp_assoc_del_nonprimary_peers(asoc,
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3128 asconf->transport);
7c5a9461812b21e lucien 2015-08-28 3129 return SCTP_ERROR_NO_ERROR;
7c5a9461812b21e lucien 2015-08-28 3130 }
7c5a9461812b21e lucien 2015-08-28 3131
7c5a9461812b21e lucien 2015-08-28 3132 /* If the address is not part of the association, the
7c5a9461812b21e lucien 2015-08-28 3133 * ASCONF-ACK with Error Cause Indication Parameter
7c5a9461812b21e lucien 2015-08-28 3134 * which including cause of Unresolvable Address should
7c5a9461812b21e lucien 2015-08-28 3135 * be sent.
7c5a9461812b21e lucien 2015-08-28 3136 */
7c5a9461812b21e lucien 2015-08-28 3137 peer = sctp_assoc_lookup_paddr(asoc, &addr);
7c5a9461812b21e lucien 2015-08-28 3138 if (!peer)
7c5a9461812b21e lucien 2015-08-28 3139 return SCTP_ERROR_DNS_FAILED;
7c5a9461812b21e lucien 2015-08-28 3140
7c5a9461812b21e lucien 2015-08-28 3141 sctp_assoc_rm_peer(asoc, peer);
^1da177e4c3f415 Linus Torvalds 2005-04-16 3142 break;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3143 case SCTP_PARAM_SET_PRIMARY:
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3144 /* ADDIP Section 4.2.4
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3145 * If the address 0.0.0.0 or ::0 is provided, the receiver
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3146 * MAY mark the source address of the packet as its
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3147 * primary.
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3148 */
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3149 if (af->is_any(&addr))
42e30bf3463cd37 Vlad Yasevich 2007-12-20 @3150 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
42e30bf3463cd37 Vlad Yasevich 2007-12-20 3151
2277c7cd75e3978 Richard Haines 2018-02-13 3152 if (security_sctp_bind_connect(asoc->ep->base.sk,
2277c7cd75e3978 Richard Haines 2018-02-13 3153 SCTP_PARAM_SET_PRIMARY,
2277c7cd75e3978 Richard Haines 2018-02-13 3154 (struct sockaddr *)&addr,
2277c7cd75e3978 Richard Haines 2018-02-13 3155 af->sockaddr_len))
2277c7cd75e3978 Richard Haines 2018-02-13 3156 return SCTP_ERROR_REQ_REFUSED;
2277c7cd75e3978 Richard Haines 2018-02-13 3157
dd86d136f9feb72 Al Viro 2006-11-20 3158 peer = sctp_assoc_lookup_paddr(asoc, &addr);
^1da177e4c3f415 Linus Torvalds 2005-04-16 3159 if (!peer)
945e5abceef8bdb Wei Yongjun 2009-04-16 3160 return SCTP_ERROR_DNS_FAILED;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3161
^1da177e4c3f415 Linus Torvalds 2005-04-16 3162 sctp_assoc_set_primary(asoc, peer);
^1da177e4c3f415 Linus Torvalds 2005-04-16 3163 break;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3164 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 3165
^1da177e4c3f415 Linus Torvalds 2005-04-16 3166 return SCTP_ERROR_NO_ERROR;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3167 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 3168
:::::: The code at line 3150 was first introduced by commit
:::::: 42e30bf3463cd37d73839376662cb79b4d5c416c [SCTP]: Handle the wildcard ADD-IP Address parameter
:::::: TO: Vlad Yasevich <vladislav.yasevich@...com>
:::::: CC: David S. Miller <davem@...emloft.net>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (24949 bytes)
Powered by blists - more mailing lists