Message ID | 20220628025921.14767-1-hbh25y@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Series | net: tipc: fix possible infoleak in tipc_mon_rcv() |
On 2022/6/28 11:35, Tung Quang Nguyen wrote: >> -----Original Message----- >> From: Hangyu Hua <hbh25y@gmail.com> >> Sent: Tuesday, June 28, 2022 9:59 AM >> To: jmaloy@redhat.com; ying.xue@windriver.com; davem@davemloft.net; edumazet@google.com; kuba@kernel.org; >> pabeni@redhat.com >> Cc: netdev@vger.kernel.org; tipc-discussion@lists.sourceforge.net; linux-kernel@vger.kernel.org; Hangyu Hua <hbh25y@gmail.com> >> Subject: [PATCH] net: tipc: fix possible infoleak in tipc_mon_rcv() >> >> dom_bef is use to cache current domain record only if current domain >> exists. But when current domain does not exist, dom_bef will still be used >> in mon_identify_lost_members. This may lead to an information leak. >> >> Fix this by adding a memset before using dom_bef. >> >> Fixes: 35c55c9877f8 ("tipc: add neighbor monitoring framework") >> Signed-off-by: Hangyu Hua <hbh25y@gmail.com <mailto:hbh25y@gmail.com>> >> --- >> net/tipc/monitor.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c >> index 2f4d23238a7e..67084e5aa15c 100644 >> --- a/net/tipc/monitor.c >> +++ b/net/tipc/monitor.c >> @@ -534,6 +534,7 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr, >> state->peer_gen = new_gen; >> >> /* Cache current domain record for later use */ >> + memset(&dom_bef, 0, sizeof(dom_bef)); >> dom_bef.member_cnt = 0; > Please remove /dom_bef.member_cnt = 0;/ if memset() is used instead. I get it. I will send a v2. Thanks, Hangyu >> dom = peer->domain; >> if (dom) >> -- >> 2.25.1
On 6/27/22 22:59, Hangyu Hua wrote: > dom_bef is use to cache current domain record only if current domain > exists. But when current domain does not exist, dom_bef will still be used > in mon_identify_lost_members. This may lead to an information leak. > > Fix this by adding a memset before using dom_bef. > > Fixes: 35c55c9877f8 ("tipc: add neighbor monitoring framework") > Signed-off-by: Hangyu Hua <hbh25y@gmail.com> > --- > net/tipc/monitor.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c > index 2f4d23238a7e..67084e5aa15c 100644 > --- a/net/tipc/monitor.c > +++ b/net/tipc/monitor.c > @@ -534,6 +534,7 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr, > state->peer_gen = new_gen; > > /* Cache current domain record for later use */ > + memset(&dom_bef, 0, sizeof(dom_bef)); > dom_bef.member_cnt = 0; > dom = peer->domain; > if (dom) Acked-by: Jon Maloy <jmaloy@redhat.com>
diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c index 2f4d23238a7e..67084e5aa15c 100644 --- a/net/tipc/monitor.c +++ b/net/tipc/monitor.c @@ -534,6 +534,7 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr, state->peer_gen = new_gen; /* Cache current domain record for later use */ + memset(&dom_bef, 0, sizeof(dom_bef)); dom_bef.member_cnt = 0; dom = peer->domain; if (dom)
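Review bot: the added memset(&dom_bef, 0, sizeof(dom_bef)) in the tipc_mon_rcv() hunk makes the unchanged line directly below it, dom_bef.member_cnt = 0;, redundant, so that assignment should be dropped in the same change. Since member_cnt was already zeroed before this patch, the commit message should also say which other dom_bef fields mon_identify_lost_members reads when peer->domain is NULL, because the leak path is not evident from the hunk alone.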
dom_bef is used to cache current domain record only if current domain exists. But when current domain does not exist, dom_bef will still be used in mon_identify_lost_members. This may lead to an information leak.

Fix this by adding a memset before using dom_bef.

Fixes: 35c55c9877f8 ("tipc: add neighbor monitoring framework")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
---
 net/tipc/monitor.c | 1 +
 1 file changed, 1 insertion(+)