lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20241114-fix-netlink_ack_tlv_fill-v1-1-47798af4ac96@iiitd.ac.in>
Date: Thu, 14 Nov 2024 04:14:25 +0530
From: Manas via B4 Relay <devnull+manas18244.iiitd.ac.in@...nel.org>
To: "David S. Miller" <davem@...emloft.net>, 
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, 
 Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>
Cc: Shuah Khan <shuah@...nel.org>, Anup Sharma <anupnewsmail@...il.com>, 
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org, 
 syzbot+d4373fa8042c06cefa84@...kaller.appspotmail.com, 
 Manas <manas18244@...td.ac.in>
Subject: [PATCH] Add string check in netlink_ack_tlv_fill

From: Manas <manas18244@...td.ac.in>

netlink_ack_tlv_fill crashes when in_skb->data is an empty string. This
adds a check to prevent it.

Reported-by: syzbot+d4373fa8042c06cefa84@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d4373fa8042c06cefa84
Signed-off-by: Manas <manas18244@...td.ac.in>
---
netlink_ack_tlv_fill crashes when in_skb->data is an empty string. This
adds a check to prevent it.
---
 net/netlink/af_netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 0a9287fadb47a2afaf0babe675738bc43051c5a7..ea205a4f81e9755a229d46a7e617ce0c090fe5e3 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2205,7 +2205,7 @@ netlink_ack_tlv_fill(struct sk_buff *in_skb, struct sk_buff *skb,
 	if (!err)
 		return;
 
-	if (extack->bad_attr &&
+	if (extack->bad_attr && strlen(in_skb->data) &&
 	    !WARN_ON((u8 *)extack->bad_attr < in_skb->data ||
 		     (u8 *)extack->bad_attr >= in_skb->data + in_skb->len))
 		WARN_ON(nla_put_u32(skb, NLMSGERR_ATTR_OFFS,

---
base-commit: 2d5404caa8c7bb5c4e0435f94b28834ae5456623
change-id: 20241114-fix-netlink_ack_tlv_fill-14db336fd515

Best regards,
-- 
Manas <manas18244@...td.ac.in>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ