lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <201707150231.f4lmXnbq%fengguang.wu@intel.com>
Date:   Sat, 15 Jul 2017 02:58:12 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Alexander Potapenko <glider@...gle.com>
Cc:     kbuild-all@...org, dvyukov@...gle.com, kcc@...gle.com,
        edumazet@...gle.com, davem@...emloft.net, lucien.xin@...il.com,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving
 _sctp_walk_{params,errors}()

Hi Alexander,

[auto build test ERROR on net-next/master]
[also build test ERROR on next-20170714]
[cannot apply to v4.12]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Alexander-Potapenko/sctp-don-t-dereference-ptr-before-leaving-_sctp_walk_-params-errors/20170715-013318
config: x86_64-rhel (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All error/warnings (new ones prefixed by >>):

   In file included from include/linux/compiler.h:58:0,
                    from include/uapi/linux/stddef.h:1,
                    from include/linux/stddef.h:4,
                    from include/uapi/linux/posix_types.h:4,
                    from include/uapi/linux/types.h:13,
                    from include/linux/types.h:5,
                    from net/sctp/sm_statefuns.c:48:
   net/sctp/sm_statefuns.c: In function 'sctp_sf_do_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
>> net/sctp/sm_statefuns.c:3871:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, hdr, params) {
     ^~~~~~~~~~~~~~~~
--
   In file included from include/linux/compiler.h:58:0,
                    from arch/x86/include/asm/atomic.h:4,
                    from include/linux/atomic.h:4,
                    from include/linux/crypto.h:20,
                    from include/crypto/hash.h:16,
                    from net/sctp/sm_make_chunk.c:48:
   net/sctp/sm_make_chunk.c: In function 'sctp_verify_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
>> net/sctp/sm_make_chunk.c:2262:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, peer_init, init_hdr.params) {
     ^~~~~~~~~~~~~~~~
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c:2285:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, peer_init, init_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c: In function 'sctp_process_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c:2338:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, peer_init, init_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c: In function 'sctp_verify_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c:3148:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, addip, addip_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c: In function 'sctp_process_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c:3248:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, addip, addip_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c: In function 'sctp_verify_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net/sctp/sm_make_chunk.c:3800:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, hdr, params) {
     ^~~~~~~~~~~~~~~~
--
   In file included from include/linux/compiler.h:58:0,
                    from include/uapi/linux/stddef.h:1,
                    from include/linux/stddef.h:4,
                    from include/uapi/linux/posix_types.h:4,
                    from include/uapi/linux/types.h:13,
                    from include/linux/types.h:5,
                    from net/sctp/input.c:44:
   net/sctp/input.c: In function '__sctp_rcv_init_lookup':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
>> net/sctp/input.c:1076:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(params, init, init_hdr.params) {
     ^~~~~~~~~~~~~~~~
--
   In file included from include/linux/compiler.h:58:0,
                    from include/uapi/linux/stddef.h:1,
                    from include/linux/stddef.h:4,
                    from include/uapi/linux/posix_types.h:4,
                    from include/uapi/linux/types.h:13,
                    from include/linux/types.h:5,
                    from include/net/sctp/sctp.h:58,
                    from net/sctp/stream.c:35:
   net/sctp/stream.c: In function 'sctp_chunk_lookup_strreset_param':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
>> net/sctp/stream.c:319:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, hdr, params) {
     ^~~~~~~~~~~~~~~~
--
   In file included from include/linux/compiler.h:58:0,
                    from include/uapi/linux/stddef.h:1,
                    from include/linux/stddef.h:4,
                    from include/uapi/linux/posix_types.h:4,
                    from include/uapi/linux/types.h:13,
                    from include/linux/types.h:5,
                    from net//sctp/sm_statefuns.c:48:
   net//sctp/sm_statefuns.c: In function 'sctp_sf_do_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net//sctp/sm_statefuns.c:3871:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, hdr, params) {
     ^~~~~~~~~~~~~~~~
--
   In file included from include/linux/compiler.h:58:0,
                    from arch/x86/include/asm/atomic.h:4,
                    from include/linux/atomic.h:4,
                    from include/linux/crypto.h:20,
                    from include/crypto/hash.h:16,
                    from net//sctp/sm_make_chunk.c:48:
   net//sctp/sm_make_chunk.c: In function 'sctp_verify_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c:2262:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, peer_init, init_hdr.params) {
     ^~~~~~~~~~~~~~~~
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c:2285:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, peer_init, init_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c: In function 'sctp_process_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c:2338:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, peer_init, init_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c: In function 'sctp_verify_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c:3148:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, addip, addip_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c: In function 'sctp_process_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c:3248:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, addip, addip_hdr.params) {
     ^~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c: In function 'sctp_verify_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                           ^
   include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
     __builtin_offsetof(a, b)
                        ^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
         (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
                  ^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
    _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
    ^~~~~~~~~~~~~~~~~
   net//sctp/sm_make_chunk.c:3800:2: note: in expansion of macro 'sctp_walk_params'
     sctp_walk_params(param, hdr, params) {
     ^~~~~~~~~~~~~~~~
..

vim +/sctp_paramhdr_t +472 include/net/sctp/sctp.h

   461	
   462	/* Walk through a list of TLV parameters.  Don't trust the
   463	 * individual parameter lengths and instead depend on
   464	 * the chunk length to indicate when to stop.  Make sure
   465	 * there is room for a param header too.
   466	 */
   467	#define sctp_walk_params(pos, chunk, member)\
 > 468	_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
   469	
   470	#define _sctp_walk_params(pos, chunk, end, member)\
   471	for (pos.v = chunk->member;\
 > 472	     (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
   473	      (void *)chunk + end) &&\
   474	     pos.v <= (void *)chunk + end - ntohs(pos.p->length) &&\
   475	     ntohs(pos.p->length) >= sizeof(struct sctp_paramhdr);\
   476	     pos.v += SCTP_PAD4(ntohs(pos.p->length)))
   477	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Download attachment ".config.gz" of type "application/gzip" (39295 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ