Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2548171imu; Thu, 29 Nov 2018 06:43:48 -0800 (PST) X-Google-Smtp-Source: AFSGD/XekFM21PW5IlgPs5Z+S8B3tZjJT/mZis2iLjYYb9hS79V2aQm411x2/pAScEM9+yU1DbJn X-Received: by 2002:a63:e4d:: with SMTP id 13mr1336814pgo.369.1543502628352; Thu, 29 Nov 2018 06:43:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543502628; cv=none; d=google.com; s=arc-20160816; b=z+qKaIBVpPrGjccHp2JyVsQwSaEfmc5fZ0CsqacnvNhb6A/4bhH/DjczrBOr3Ryveb +zPN4eHTZFArHOY0LjWiYRRKHPvFVQA1fizVGK4g2GCjlYa8V1Zl9SjWYaEMMdmcIEGD JfcI2DUhkSKYAA3+FpGQYLo481a04xXX7x8p9IB+kNlZEgLS/BuhP7LzAkARqvoNeU7n ko8ddu8wZfXNAB9zdgErp6FDmYr5RLLl+4dpXS2HEV5Ybme0Ps17q+PxLrruMwo/sqdS 0HMAJFEnupLFP0WOscyu7G6lEQRvsZCsx/GEESduQafWhLQKryB4zey8ldQgulRoEfsP JllQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=zuCnuWMoLFdarDQTjNVyP2LegZyLuXRTEDAEZplKnNo=; b=REZ2N4WM8GngVzC+nVIlvxuUuRrfzWj6mPc3w3MMetAF6J/WsKlAkRGDL2d2w0PktJ 0TOg/J5kueg3K1IYFIDCzo99dSGXYj2N88/LBh9Wyo5OfIQVoSNPJAChMWzvVG5aTWqS 7pq5TlM5LXMAVO42KYlIWIFz2zgNSkimL4LBTGK7HR8F6hTcjoyG+2ggzyP5R60ags5H gL9OIZxNdv2ecmIfFtKiHbdWBhevpmnIjQlf9cwJVZb+Nk0X3yCH/Uw3HeBxgiHGOdSo gybvkIGFHg5dja7efY+Jg9Yea0JZ1/BD2/FxgSmpPcmVoi6V4xZxSPscFqGK3381DLvJ qliQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Anep66RZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f189si2224932pfg.123.2018.11.29.06.43.33; Thu, 29 Nov 2018 06:43:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Anep66RZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387884AbeK3Bda (ORCPT + 99 others); Thu, 29 Nov 2018 20:33:30 -0500 Received: from mail.kernel.org ([198.145.29.99]:34118 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731863AbeK3Bd2 (ORCPT ); Thu, 29 Nov 2018 20:33:28 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BEEEA2133F; Thu, 29 Nov 2018 14:27:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1543501676; bh=9hS67AwPFo1hlyBFM7o2Vzf1fLz7+BzL7kOvJfITrOY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Anep66RZHZhlVw8vMOM578wpRvVtK/ZJU6ZGqIBsgX3NsZN3xCIaDIfBNKYrnIe1+ o8PBi1EA07HMjioS2e7PThtBSWFVjlnfBrBA/lS4Q/nSwQM17nUsSUAjZgt9vByFhM KTJbLnXPjCjKuoxrtmRmiHsmoSMU/9HT3JCjRlZs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.14 096/100] net: ieee802154: 6lowpan: fix frag reassembly Date: Thu, 29 Nov 2018 15:13:06 +0100 Message-Id: <20181129140107.059805029@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181129140058.768942700@linuxfoundation.org> References: <20181129140058.768942700@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Alexander Aring commit f18fa5de5ba7f1d6650951502bb96a6e4715a948 upstream. This patch initialize stack variables which are used in frag_lowpan_compare_key to zero. In my case there are padding bytes in the structures ieee802154_addr as well in frag_lowpan_compare_key. Otherwise the key variable contains random bytes. The result is that a compare of two keys by memcmp works incorrect. Fixes: 648700f76b03 ("inet: frags: use rhashtables for reassembly units") Signed-off-by: Alexander Aring Reported-by: Stefan Schmidt Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/6lowpan/6lowpan_i.h | 4 ++-- net/ieee802154/6lowpan/reassembly.c | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) --- a/net/ieee802154/6lowpan/6lowpan_i.h +++ b/net/ieee802154/6lowpan/6lowpan_i.h @@ -20,8 +20,8 @@ typedef unsigned __bitwise lowpan_rx_res struct frag_lowpan_compare_key { u16 tag; u16 d_size; - const struct ieee802154_addr src; - const struct ieee802154_addr dst; + struct ieee802154_addr src; + struct ieee802154_addr dst; }; /* Equivalent of ipv4 struct ipq --- a/net/ieee802154/6lowpan/reassembly.c +++ b/net/ieee802154/6lowpan/reassembly.c @@ -75,14 +75,14 @@ fq_find(struct net *net, const struct lo { struct netns_ieee802154_lowpan *ieee802154_lowpan = net_ieee802154_lowpan(net); - struct frag_lowpan_compare_key key = { - .tag = cb->d_tag, - .d_size = cb->d_size, - .src = *src, - .dst = *dst, - }; + struct frag_lowpan_compare_key key = {}; struct inet_frag_queue *q; + key.tag = cb->d_tag; + key.d_size = cb->d_size; + key.src = *src; + key.dst = *dst; + q = inet_frag_find(&ieee802154_lowpan->frags, &key); if (!q) return NULL; @@ -372,7 +372,7 @@ int lowpan_frag_rcv(struct sk_buff *skb, struct lowpan_frag_queue *fq; struct net *net = dev_net(skb->dev); struct lowpan_802154_cb *cb = lowpan_802154_cb(skb); - struct ieee802154_hdr hdr; + struct ieee802154_hdr hdr = {}; int err; if (ieee802154_hdr_peek_addrs(skb, &hdr) < 0)