| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c341a60f-f3d1-29f6-b825-5ebd1432e5b9@cumulusnetworks.com>
Date: Tue, 7 Feb 2017 12:29:16 +0100
From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
To: Colin Ian King <colin.king@...onical.com>,
Roopa Prabhu <roopa@...ulusnetworks.com>
Cc: "David S. Miller" <davem@...emloft.net>,
bridge@...ts.linux-foundation.org,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: bridge: per vlan dst_metadata netlink support
On 07/02/17 12:25, Colin Ian King wrote:
> Hi,
>
> Static analysis with CoverityScan on net/bridge/br_netlink_tunnel.c has
> picked up and issue where tb[] is being referenced but contains
> uninitialized data.
>
> 222 int br_parse_vlan_tunnel_info(struct nlattr *attr,
> 223 struct vtunnel_info *tinfo)
> 224 {
>
> 1. var_decl: Declaring variable tb without initializer.
>
> 225 struct nlattr *tb[IFLA_BRIDGE_VLAN_TUNNEL_MAX + 1];
> 226 u32 tun_id;
> 227 u16 vid, flags = 0;
> 228 int err;
> 229
> 230 memset(tinfo, 0, sizeof(*tinfo));
> 231
>
> CID 1400055 (#1 of 1): Uninitialized pointer read (UNINIT)2.
> uninit_use: Using uninitialized value tb[IFLA_BRIDGE_VLAN_TUNNEL_ID].
>
> 232 if (!tb[IFLA_BRIDGE_VLAN_TUNNEL_ID] ||
> 233 !tb[IFLA_BRIDGE_VLAN_TUNNEL_VID])
> 234 return -EINVAL;
>
> Colin
>
Good catch, these should go after the parsing.
Powered by blists - more mailing lists