lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20251108034336.2100529-1-kriish.sharma2006@gmail.com>
Date: Sat,  8 Nov 2025 03:43:36 +0000
From: Kriish Sharma <kriish.sharma2006@...il.com>
To: Jason Gunthorpe <jgg@...pe.ca>,
	Leon Romanovsky <leon@...nel.org>,
	Vlad Dumitrescu <vdumitrescu@...dia.com>,
	Parav Pandit <parav@...dia.com>,
	Edward Srouji <edwards@...dia.com>
Cc: linux-rdma@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Kriish Sharma <kriish.sharma2006@...il.com>,
	syzbot+938fcd548c303fe33c1a@...kaller.appspotmail.com
Subject: [PATCH v2] RDMA/core: Check for missing DGID attribute in ib_nl_is_good_ip_resp()

KMSAN reported a use of uninitialized memory in hex_byte_pack()
via ip6_string() when printing %pI6 from ib_nl_handle_ip_res_resp().
Previously, ib_nl_process_good_ip_rsep() used the 'gid' without
verifying that the LS_NLA_TYPE_DGID attribute was present.

This patch adds a check for the DGID attribute in ib_nl_is_good_ip_resp(),
returning false if it is missing. This prevents uninitialized memory
usage downstream in ib_nl_process_good_ip_rsep().

Suggested-by: Vlad Dumitrescu <vdumitrescu@...dia.com>
Reported-by: syzbot+938fcd548c303fe33c1a@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=938fcd548c303fe33c1a
Fixes: ae43f8286730 ("IB/core: Add IP to GID netlink offload")
Signed-off-by: Kriish Sharma <kriish.sharma2006@...il.com>
---
v2:
 - Added check for LS_NLA_TYPE_DGID in ib_nl_is_good_ip_resp() to
   avoid uninitialized 'gid' usage, as suggested by Vlad Dumitrescu.

v1: https://lore.kernel.org/all/20251107041002.2091584-1-kriish.sharma2006@gmail.com

 drivers/infiniband/core/addr.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
index 61596cda2b65..dde9114fe6a1 100644
--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -93,13 +93,16 @@ static inline bool ib_nl_is_good_ip_resp(const struct nlmsghdr *nlh)
 	if (ret)
 		return false;
 
+	if (!tb[LS_NLA_TYPE_DGID])
+		return false;
+
 	return true;
 }
 
 static void ib_nl_process_good_ip_rsep(const struct nlmsghdr *nlh)
 {
 	const struct nlattr *head, *curr;
-	union ib_gid gid;
+	union ib_gid gid = {};
 	struct addr_req *req;
 	int len, rem;
 	int found = 0;
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ