Received: by 10.213.65.68 with SMTP id h4csp336925imn; Fri, 23 Mar 2018 05:51:10 -0700 (PDT) X-Google-Smtp-Source: AG47ELuKBTBCS5DgWXsqJYpq4XJ/u25wRB6fN9PFCQH7bKeCMbdJGUB9GdZbE7LjNvsnqzr1Ooe1 X-Received: by 10.98.11.145 with SMTP id 17mr24057793pfl.150.1521809470804; Fri, 23 Mar 2018 05:51:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521809470; cv=none; d=google.com; s=arc-20160816; b=OH3U+EEkSX2Rqt+XuoR5Rq8JoTPLP95ozo8fLLQL0vsKQ/R6Hqo1EY/HedyIvTHXvI hAHEwNF1TRjc2nzffsWU+o4VSNzJxVn+9n26Khz/851IQjXOdlAHWf2jX90S9Gr50Ysx IXiyD4SNfvsgt4O8wFVfZl+1n+3ddp1JLpPG30uqg9IIUEcEJuUfwAMdSRoUMx7Mf+mX 7qezVYeYP5PSBSJYFjT27I437/yO7DL3lYhrwspKAK4I47d5eUFL7GDaJhwapgLnoko1 J5buZKHiLmRZeTlzQhKEtRkLU79fa4XfeolcGk3nK0aP3ciHGQNJSzr7PCO1JIQBtjoa 7swQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=7vFZpNqiGKu1sWGOUFPOKf1Z5wpC+V803734heeWfdY=; b=LzCk5NEXia8AFCm7f2uRxZFINZiq39IUBT3MJ3usQNvpK8tDFFe0Z4ZCd7RwxUvKmV iSoKCNYt2ORtToJKZVj6xuUJfKpnrUG7M04iq0mFeejzJiXcBcyPFNQn0dNtgUfrjOAH 9dMW6xzWLdyLn6R/0pnNBIGUbhrLjeDl8INUAfgCROTElSIjdJF6RwX3IytSqEGw5sRh iJRSh7BtY6e+mHzgA3aPm4Y7hwO+a8xrKNPdEWMKgQu7ZF5rFcWcMUX2VwRtLt/ID8aL MPAIUT4hz3t2LeYU3vTZm6fyiqoFV8MdxUOs43Wlh3MSn4EgL6P2oKmA2EU2kHNdTLi1 lkzQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=O/+BFGRE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j1si5985707pgp.141.2018.03.23.05.50.55; Fri, 23 Mar 2018 05:51:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=O/+BFGRE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752754AbeCWMty (ORCPT + 99 others); Fri, 23 Mar 2018 08:49:54 -0400 Received: from mail-wr0-f195.google.com ([209.85.128.195]:45215 "EHLO mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752717AbeCWMtr (ORCPT ); Fri, 23 Mar 2018 08:49:47 -0400 Received: by mail-wr0-f195.google.com with SMTP id h2so12011459wre.12 for ; Fri, 23 Mar 2018 05:49:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=7vFZpNqiGKu1sWGOUFPOKf1Z5wpC+V803734heeWfdY=; b=O/+BFGREd9+JranzJ6MR0rb/C6uq0SYuBfh3j1D2VhWJCkJG9YVkfJgD8jKxMfX+wE bajzHPp6F99k/aWcouRI9D4oumDWcZwjShJPbFAMhZG7UpKSpnrLiY4tvh80iI0o9f+Z o1X92OmSD/0rpkv+6Vb8fMXyBhtSdqDyFrphnJY0NYme7fhh7nosRZKe0OckRRarRTcy 4gZmmVzBk4l9BuPhjtT2nKHuItpfd8cgXkq4CLo4p8sxmgp4sYKvQ4pJhvitPfbckly6 N0R37k8TZDNoO/5AQnxYKdA00sSbOPwvWdXDh/IHf0gQt20JZWlBW7NHuzM2pgK/8NhZ /9oA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=7vFZpNqiGKu1sWGOUFPOKf1Z5wpC+V803734heeWfdY=; b=HmiSQ9Cyp0f+rJYDjdrcaD9X3gmPLlyOpFldF1s463TABzZOmt+yYjr8EjQ9yNMgDC PkHyfWpEyFR17VVb7q6OvB9L9Lm4jLr2dvNBFXtK4BChIbLOkP2KRirkkXQ6e90tYohU M6/C4Ir87ZJEGFpmhEwtTktqL1ClVDtdZraBvSlTd5lajouL9ehb4PqZ3ubovmA+uxHI vGvQfDqhWUh031L7KoGNTqGpQIIQcC+ZOGl8XSR7GBkGCrOfgICgCe7O7NVbTpN0UH8s e6Em/5fhb+MlZ0nf39XtFY3QF02qRgdoOq7KARnUd+pFqeGoiHtMMXDwbQ6KVdyqmu4W fhWg== X-Gm-Message-State: AElRT7ElBsNhvs0Xpg8nx0UedIOmaUyZyGxQsOLCF8K1jd0NBnPz8n0r lLXqnMYx8+IkppRv1JAJd6sqnw== X-Received: by 10.223.182.143 with SMTP id j15mr17048905wre.43.1521809385546; Fri, 23 Mar 2018 05:49:45 -0700 (PDT) Received: from glider0.muc.corp.google.com ([2a00:79e0:15:10:e0c7:92b9:c022:f69b]) by smtp.gmail.com with ESMTPSA id d13sm5909818wre.36.2018.03.23.05.49.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 23 Mar 2018 05:49:44 -0700 (PDT) From: Alexander Potapenko To: dvyukov@google.com, edumazet@google.com, davem@davemloft.net Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] netlink: make sure nladdr has correct size in netlink_connect() Date: Fri, 23 Mar 2018 13:49:02 +0100 Message-Id: <20180323124902.41625-1-glider@google.com> X-Mailer: git-send-email 2.17.0.rc0.231.g781580f067-goog Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org KMSAN reports use of uninitialized memory in the case when |alen| is smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't fully copied from the userspace. Signed-off-by: Alexander Potapenko Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2") --- v2: fixed a typo spotted by Eric Dumazet --- net/netlink/af_netlink.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 07e8478068f0..70c455341243 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1085,6 +1085,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, if (addr->sa_family != AF_NETLINK) return -EINVAL; + if (alen < sizeof(struct sockaddr_nl)) + return -EINVAL; + if ((nladdr->nl_groups || nladdr->nl_pid) && !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) return -EPERM; -- 2.17.0.rc0.231.g781580f067-goog