diff mbox series

net: tipc: fix possible infoleak in tipc_mon_rcv()

Message ID 20220628025921.14767-1-hbh25y@gmail.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series net: tipc: fix possible infoleak in tipc_mon_rcv() | expand

Checks

Context Check Description
netdev/tree_selection success Guessed tree name to be net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers success CCed 8 of 8 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 7 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Hangyu Hua June 28, 2022, 2:59 a.m. UTC 
dom_bef is use to cache current domain record only if current domain
exists. But when current domain does not exist, dom_bef will still be used
in mon_identify_lost_members. This may lead to an information leak.

Fix this by adding a memset before using dom_bef.

Fixes: 35c55c9877f8 ("tipc: add neighbor monitoring framework")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
---
 net/tipc/monitor.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Hangyu Hua June 28, 2022, 8:21 a.m. UTC | #1 
On 2022/6/28 11:35, Tung Quang Nguyen wrote:
>> -----Original Message-----
>> From: Hangyu Hua <hbh25y@gmail.com>
>> Sent: Tuesday, June 28, 2022 9:59 AM
>> To: jmaloy@redhat.com; ying.xue@windriver.com; davem@davemloft.net; edumazet@google.com; kuba@kernel.org;
>> pabeni@redhat.com
>> Cc: netdev@vger.kernel.org; tipc-discussion@lists.sourceforge.net; linux-kernel@vger.kernel.org; Hangyu Hua <hbh25y@gmail.com>
>> Subject: [PATCH] net: tipc: fix possible infoleak in tipc_mon_rcv()
>> 
>> dom_bef is use to cache current domain record only if current domain
>> exists. But when current domain does not exist, dom_bef will still be used
>> in mon_identify_lost_members. This may lead to an information leak.
>> 
>> Fix this by adding a memset before using dom_bef.
>> 
>> Fixes: 35c55c9877f8 ("tipc: add neighbor monitoring framework")
>> Signed-off-by: Hangyu Hua <hbh25y@gmail.com <mailto:hbh25y@gmail.com>>
>> ---
>>  net/tipc/monitor.c | 1 +
>>  1 file changed, 1 insertion(+)
>> 
>> diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
>> index 2f4d23238a7e..67084e5aa15c 100644
>> --- a/net/tipc/monitor.c
>> +++ b/net/tipc/monitor.c
>> @@ -534,6 +534,7 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr,
>>        state->peer_gen = new_gen;
>> 
>>        /* Cache current domain record for later use */
>> +     memset(&dom_bef, 0, sizeof(dom_bef));
>>        dom_bef.member_cnt = 0;
> Please remove /dom_bef.member_cnt = 0;/ if memset() is used instead.

I get it. I will send a v2.

Thanks,
Hangyu

>>        dom = peer->domain;
>>        if (dom)
>> --
>> 2.25.1
Jon Maloy July 4, 2022, 2:03 p.m. UTC | #2 
On 6/27/22 22:59, Hangyu Hua wrote:
> dom_bef is use to cache current domain record only if current domain
> exists. But when current domain does not exist, dom_bef will still be used
> in mon_identify_lost_members. This may lead to an information leak.
>
> Fix this by adding a memset before using dom_bef.
>
> Fixes: 35c55c9877f8 ("tipc: add neighbor monitoring framework")
> Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
> ---
>   net/tipc/monitor.c | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
> index 2f4d23238a7e..67084e5aa15c 100644
> --- a/net/tipc/monitor.c
> +++ b/net/tipc/monitor.c
> @@ -534,6 +534,7 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr,
>   	state->peer_gen = new_gen;
>   
>   	/* Cache current domain record for later use */
> +	memset(&dom_bef, 0, sizeof(dom_bef));
>   	dom_bef.member_cnt = 0;
>   	dom = peer->domain;
>   	if (dom)
Acked-by: Jon Maloy <jmaloy@redhat.com>
diff mbox series

Patch

diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
index 2f4d23238a7e..67084e5aa15c 100644
--- a/net/tipc/monitor.c
+++ b/net/tipc/monitor.c
@@ -534,6 +534,7 @@  void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr,
 	state->peer_gen = new_gen;
 
 	/* Cache current domain record for later use */
+	memset(&dom_bef, 0, sizeof(dom_bef));
 	dom_bef.member_cnt = 0;
 	dom = peer->domain;
 	if (dom)