lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <b4a396b7c2f5467a97433d7c52530924@AcuMS.aculab.com> Date: Mon, 29 Apr 2019 15:49:44 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Willem de Bruijn' <willemdebruijn.kernel@...il.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> CC: "davem@...emloft.net" <davem@...emloft.net>, "ebiederm@...ssion.com" <ebiederm@...ssion.com>, Willem de Bruijn <willemb@...gle.com> Subject: RE: [PATCH net v2] packet: in recvmsg msg_name return at least sizeof sockaddr_ll From: Willem de Bruijn > Sent: 29 April 2019 16:47 > Packet send checks that msg_name is at least sizeof sockaddr_ll. > Packet recv must return at least this length, so that its output > can be passed unmodified to packet send. > > This ceased to be true since adding support for lladdr longer than > sll_addr. Since, the return value uses true address length. > > Always return at least sizeof sockaddr_ll, even if address length > is shorter. Zero the padding bytes. > > Change v1->v2: do not overwrite zeroed padding again. use copy_len. > > Fixes: 0fb375fb9b93 ("[AF_PACKET]: Allow for > 8 byte hardware addresses.") > Suggested-by: David Laight <David.Laight@...lab.com> > Signed-off-by: Willem de Bruijn <willemb@...gle.com> > --- > net/packet/af_packet.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c > index e726aaba73b9f..5fe3d75b6212d 100644 > --- a/net/packet/af_packet.c > +++ b/net/packet/af_packet.c > @@ -3348,20 +3348,29 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, > sock_recv_ts_and_drops(msg, sk, skb); > > if (msg->msg_name) { > + int copy_len; > + > /* If the address length field is there to be filled > * in, we fill it in now. > */ > if (sock->type == SOCK_PACKET) { > __sockaddr_check_size(sizeof(struct sockaddr_pkt)); > msg->msg_namelen = sizeof(struct sockaddr_pkt); > + copy_len = msg->msg_namelen; > } else { > struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; > > msg->msg_namelen = sll->sll_halen + > offsetof(struct sockaddr_ll, sll_addr); > + copy_len = msg->msg_namelen; > + if (msg->msg_namelen < sizeof(struct sockaddr_ll)) { > + memset(msg->msg_name + > + offsetof(struct sockaddr_ll, sll_addr), > + 0, sizeof(sll->sll_addr)); > + msg->msg_namelen = sizeof(struct sockaddr_ll); > + } > } > - memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, > - msg->msg_namelen); > + memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len); > } > > if (pkt_sk(sk)->auxdata) { > -- > 2.21.0.593.g511ec345e18-goog Looks ok to me, not tried to compile it though. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists