Netdev Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info
@ 2021-05-02 21:34 Phillip Potter
  2021-05-03 20:40 ` patchwork-bot+netdevbpf
  0 siblings, 1 reply; 2+ messages in thread
From: Phillip Potter @ 2021-05-02 21:34 UTC (permalink / raw)
  To: davem
  Cc: kuba, m-karicheri2, olteanv, george.mccollister, ap420073,
	wanghai38, netdev, linux-kernel

Check at start of fill_frame_info that the MAC header in the supplied
skb is large enough to fit a struct hsr_ethhdr, as otherwise this is
not a valid HSR frame. If it is too small, return an error which will
then cause the callers to clean up the skb. Fixes a KMSAN-found
uninit-value bug reported by syzbot at:
https://syzkaller.appspot.com/bug?id=f7e9b601f1414f814f7602a82b6619a8d80bce3f

Reported-by: syzbot+e267bed19bfc5478fb33@syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
---
 net/hsr/hsr_forward.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/hsr/hsr_forward.c b/net/hsr/hsr_forward.c
index ed82a470b6e1..f86cdd83e9a8 100644
--- a/net/hsr/hsr_forward.c
+++ b/net/hsr/hsr_forward.c
@@ -520,6 +520,10 @@ static int fill_frame_info(struct hsr_frame_info *frame,
 	struct ethhdr *ethhdr;
 	__be16 proto;
 
+	/* Check if skb contains hsr_ethhdr */
+	if (skb->mac_len < sizeof(struct hsr_ethhdr))
+		return -EINVAL;
+
 	memset(frame, 0, sizeof(*frame));
 	frame->is_supervision = is_supervision_frame(port->hsr, skb);
 	frame->node_src = hsr_get_node(port, &hsr->node_db, skb,
-- 
2.30.2


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info
  2021-05-02 21:34 [PATCH] net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info Phillip Potter
@ 2021-05-03 20:40 ` patchwork-bot+netdevbpf
  0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-05-03 20:40 UTC (permalink / raw)
  To: Phillip Potter
  Cc: davem, kuba, m-karicheri2, olteanv, george.mccollister, ap420073,
	wanghai38, netdev, linux-kernel

Hello:

This patch was applied to netdev/net.git (refs/heads/master):

On Sun,  2 May 2021 22:34:42 +0100 you wrote:
> Check at start of fill_frame_info that the MAC header in the supplied
> skb is large enough to fit a struct hsr_ethhdr, as otherwise this is
> not a valid HSR frame. If it is too small, return an error which will
> then cause the callers to clean up the skb. Fixes a KMSAN-found
> uninit-value bug reported by syzbot at:
> https://syzkaller.appspot.com/bug?id=f7e9b601f1414f814f7602a82b6619a8d80bce3f
> 
> [...]

Here is the summary with links:
  - net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info
    https://git.kernel.org/netdev/net/c/2e9f60932a2c

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-02 21:34 [PATCH] net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info Phillip Potter
2021-05-03 20:40 ` patchwork-bot+netdevbpf

Netdev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git
	git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \
		netdev@vger.kernel.org
	public-inbox-index netdev

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netdev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git