Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp777033rdg; Fri, 13 Oct 2023 00:06:09 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE84Q0zRYxZSFiCPNfZJHM41Wd9Yr/PCOr02hkIfZ0vd8Lql5ObbN9rnGb2Q+NP76tiBPjR X-Received: by 2002:a05:6a20:7f9a:b0:140:a25:1c1d with SMTP id d26-20020a056a207f9a00b001400a251c1dmr30645945pzj.51.1697180769361; Fri, 13 Oct 2023 00:06:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697180769; cv=none; d=google.com; s=arc-20160816; b=MQM2OS70twWfzhSDXjwxah5stNlYE8MJjArST6tl0EHeVFG7bcFkOVW/ZVOkmtWQ1S 6f2gus0agvEjkYygknI4pbwrB1/GFupTO+51il5y34fVjcMiAWswClHO2t/nstueymCX IkuHkj8OQRHkCemvOD4T4RuxTs9crU/wD+EePDJrOWL3Q8l6dw3A2Pq/wav6bVSl2mam 6i5b3vg7N2v2X4UzwR0WKVEUxK6nR6VsRGF1gLuImdSpc+mIHI4rysesYtXHo0tgorDH zSDukP4B/OBXl2MKzfv27RH7ToaKnttciiUohpurdtdmxql45u4CCK1lT9RcZtT8Mg3H dSjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=frMwB+yQcrqfw7+mUC1RLpFWBfRdjTmzx1BGRb9nPkY=; fh=dFZBcqnGSldm2WKTVdQkUScF5fcX0nwOLzOmm5JMNbQ=; b=jHV4XJ0+peco8JMP250LFLdIjuKh8eRUYpmNR33Tp1asmKQgt2xIrpr5axNYskuvYi C60YibbDrLoR9zL9gYGuC1PVmNP3aHzI/ap0jDF7wLeiEYanckl+wtp+22e7SgEtgh+m 7mnBNVrqH/34dGNmk0zwgZEbFwneqzJuV0fKNtk06BIBLNPZdrpLdH7pXg3NTfhT8GiX Wfhr6GF13of07pp371KfCMXp/uV1auQYYgEwDgpxzqqooVfBaHdQ6gX2++HOkBQaYjg+ 3IHCadiLzkvkXOyGAKRwbloecS4cQyo4mY5gaHnxi1VW4I3sL94+exUBEtqGoOeZAMTt zgdA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@163.com header.s=s110527 header.b=bgcKwGfH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id ca6-20020a056a02068600b005a9c401068bsi1634628pgb.484.2023.10.13.00.06.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Oct 2023 00:06:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@163.com header.s=s110527 header.b=bgcKwGfH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id C9A58826633E; Fri, 13 Oct 2023 00:05:58 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229688AbjJMHF2 (ORCPT + 99 others); Fri, 13 Oct 2023 03:05:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37230 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229726AbjJMHF1 (ORCPT ); Fri, 13 Oct 2023 03:05:27 -0400 Received: from m12.mail.163.com (m12.mail.163.com [220.181.12.199]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C5FC5B7; Fri, 13 Oct 2023 00:05:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=frMwB +yQcrqfw7+mUC1RLpFWBfRdjTmzx1BGRb9nPkY=; b=bgcKwGfHHQLttJDR/zMLu yNDKelR5y7v871iubA92RBIKiOGPXIx2bs5JZcWRTJLe1NANMVqZXPh7HiFJ7AQo CNTJHEsYpvnCmyWhHsIaaeGFw7oBGh8BFTH5/bqD95iE+A4nm/b3/imnEO9W2WmK sZeR1GX1E1p6kIW6BZiqvs= Received: from icess-ProLiant-DL380-Gen10.. (unknown [183.174.60.14]) by zwqz-smtp-mta-g4-4 (Coremail) with SMTP id _____wD3_9Dr6yhlQ_y2AQ--.20479S4; Fri, 13 Oct 2023 15:04:20 +0800 (CST) From: Ma Ke To: jmaloy@redhat.com, ying.xue@windriver.com, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com Cc: netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org, Ma Ke Subject: [PATCH] tipc: Fix uninit-value access in tipc_nl_node_get_link() Date: Fri, 13 Oct 2023 15:04:08 +0800 Message-Id: <20231013070408.1979343-1-make_ruc2021@163.com> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: _____wD3_9Dr6yhlQ_y2AQ--.20479S4 X-Coremail-Antispam: 1Uf129KBjvdXoW7Wr4rCw4ktrW5WFyxJFW8WFg_yoWfJFX_Z3 92g3yfAry8J39Yyr4DXa95JrZ3Jan8G3Z5uw1akryUK34DCrWrZan5JFn8CrW3urZ7u3sr Ga40vF1fXF12qjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7sRMg4SUUUUUU== X-Originating-IP: [183.174.60.14] X-CM-SenderInfo: 5pdnvshuxfjiisr6il2tof0z/1tbivggIC1ZcjGryowAAsI X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 13 Oct 2023 00:05:59 -0700 (PDT) Names must be null-terminated strings. If a name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This patch fixes this issue by returning -EINVAL if a non-null-terminated name is passed. Signed-off-by: Ma Ke --- net/tipc/node.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/tipc/node.c b/net/tipc/node.c index 3105abe97bb9..a02bcd7e07d3 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -2519,6 +2519,9 @@ int tipc_nl_node_get_link(struct sk_buff *skb, struct genl_info *info) return -EINVAL; name = nla_data(attrs[TIPC_NLA_LINK_NAME]); + if (name[strnlen(name, + nla_len(attrs[TIPC_NLA_LINK_NAME]))] != '\0') + return -EINVAL; msg.skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); if (!msg.skb) -- 2.37.2