| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jul 2017 02:58:12 +0800
From: kbuild test robot <lkp@...el.com>
To: Alexander Potapenko <glider@...gle.com>
Cc: kbuild-all@...org, dvyukov@...gle.com, kcc@...gle.com,
edumazet@...gle.com, davem@...emloft.net, lucien.xin@...il.com,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving
_sctp_walk_{params,errors}()
Hi Alexander,
[auto build test ERROR on net-next/master]
[also build test ERROR on next-20170714]
[cannot apply to v4.12]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Alexander-Potapenko/sctp-don-t-dereference-ptr-before-leaving-_sctp_walk_-params-errors/20170715-013318
config: x86_64-rhel (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All error/warnings (new ones prefixed by >>):
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net/sctp/sm_statefuns.c:48:
net/sctp/sm_statefuns.c: In function 'sctp_sf_do_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/sm_statefuns.c:3871:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from arch/x86/include/asm/atomic.h:4,
from include/linux/atomic.h:4,
from include/linux/crypto.h:20,
from include/crypto/hash.h:16,
from net/sctp/sm_make_chunk.c:48:
net/sctp/sm_make_chunk.c: In function 'sctp_verify_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/sm_make_chunk.c:2262:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:2285:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_process_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:2338:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_verify_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:3148:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_process_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:3248:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_verify_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:3800:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net/sctp/input.c:44:
net/sctp/input.c: In function '__sctp_rcv_init_lookup':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/input.c:1076:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(params, init, init_hdr.params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from include/net/sctp/sctp.h:58,
from net/sctp/stream.c:35:
net/sctp/stream.c: In function 'sctp_chunk_lookup_strreset_param':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/stream.c:319:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net//sctp/sm_statefuns.c:48:
net//sctp/sm_statefuns.c: In function 'sctp_sf_do_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_statefuns.c:3871:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from arch/x86/include/asm/atomic.h:4,
from include/linux/atomic.h:4,
from include/linux/crypto.h:20,
from include/crypto/hash.h:16,
from net//sctp/sm_make_chunk.c:48:
net//sctp/sm_make_chunk.c: In function 'sctp_verify_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:2262:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:2285:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_process_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:2338:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_verify_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:3148:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_process_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:3248:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_verify_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:3800:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
..
vim +/sctp_paramhdr_t +472 include/net/sctp/sctp.h
461
462 /* Walk through a list of TLV parameters. Don't trust the
463 * individual parameter lengths and instead depend on
464 * the chunk length to indicate when to stop. Make sure
465 * there is room for a param header too.
466 */
467 #define sctp_walk_params(pos, chunk, member)\
> 468 _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
469
470 #define _sctp_walk_params(pos, chunk, end, member)\
471 for (pos.v = chunk->member;\
> 472 (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
473 (void *)chunk + end) &&\
474 pos.v <= (void *)chunk + end - ntohs(pos.p->length) &&\
475 ntohs(pos.p->length) >= sizeof(struct sctp_paramhdr);\
476 pos.v += SCTP_PAD4(ntohs(pos.p->length)))
477
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
Download attachment ".config.gz" of type "application/gzip" (39295 bytes)
Powered by blists - more mailing lists