From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>
Cc: bpf@vger.kernel.org, Heiko Carstens <hca@linux.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>,
	Alexander Gordeev <agordeev@linux.ibm.com>,
	Ilya Leoshkevich <iii@linux.ibm.com>
Subject: [PATCH bpf-next 7/9] libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
Date: Wed,  8 Feb 2023 21:56:40 +0100
Message-ID: <20230208205642.270567-8-iii@linux.ibm.com>
In-Reply-To: <20230208205642.270567-1-iii@linux.ibm.com>

The code assumes that everything that comes after nlmsgerr are nlattrs.
When calculating their size, it does not account for the initial
nlmsghdr. This may lead to accessing uninitialized memory.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tools/lib/bpf/nlattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/lib/bpf/nlattr.c b/tools/lib/bpf/nlattr.c
index 3900d052ed19..c5da7662bb04 100644
--- a/tools/lib/bpf/nlattr.c
+++ b/tools/lib/bpf/nlattr.c
@@ -178,7 +178,7 @@ int libbpf_nla_dump_errormsg(struct nlmsghdr *nlh)
 		hlen += nlmsg_len(&err->msg);
 
 	attr = (struct nlattr *) ((void *) err + hlen);
-	alen = nlh->nlmsg_len - hlen;
+	alen = (char *)nlh + nlh->nlmsg_len - (char *)attr;
 
 	if (libbpf_nla_parse(tb, NLMSGERR_ATTR_MAX, attr, alen,
 			     extack_policy) != 0) {
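Review bot: the replacement expression yields a negative `alen` on a malformed reply, because `hlen` folds in `nlmsg_len(&err->msg)` read from the message itself, and that negative value still reaches `libbpf_nla_parse()` as the attribute length; consider rejecting the message up front, e.g. `if (alen < 0) return -EINVAL;` before the parse, so the bounds check is explicit rather than left to the attribute walker. The arithmetic itself is now right: the old `nlh->nlmsg_len - hlen` subtracted only the bytes after `err` from a length that starts at `nlh`, so `alen` was too large by exactly `sizeof(struct nlmsghdr)` (NLMSG_HDRLEN) and the parser could walk that far past the received data; naming that term in the commit message would make the change easier to audit.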
-- 
2.39.1
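To make the off-by-header concrete, the following is an added, self-contained C example written for this page; it is not libbpf code and not part of the patch. It constructs a sample NLMSG_ERROR reply with NLM_F_ACK_TLVS (both the capped and the uncapped form), then evaluates the `alen` expression removed by the patch beside the one it adds. The netlink structures and macros are mirrored locally so the file builds without `<linux/netlink.h>`; `nlmsg_len()` is assumed to have libbpf's meaning (payload length without the outer header), and `build_sample_errormsg()`, `alen_overshoot()` and `alen_in_bounds()` are names invented here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal mirrors of the uapi netlink structures and macros (constructed for this
 * example so it builds without <linux/netlink.h>; layouts match the kernel's). */
struct nlmsghdr {
	uint32_t nlmsg_len;
	uint16_t nlmsg_type;
	uint16_t nlmsg_flags;
	uint32_t nlmsg_seq;
	uint32_t nlmsg_pid;
};
struct nlmsgerr {
	int error;
	struct nlmsghdr msg;	/* header of the request that failed */
};
struct nlattr {
	uint16_t nla_len;
	uint16_t nla_type;
};
#define NLMSG_ALIGN(len)	(((len) + 3U) & ~3U)
#define NLMSG_HDRLEN		((int)NLMSG_ALIGN(sizeof(struct nlmsghdr)))
#define NLMSG_DATA(nlh)		((void *)((char *)(nlh) + NLMSG_HDRLEN))
#define NLA_HDRLEN		((int)NLMSG_ALIGN(sizeof(struct nlattr)))
#define NLM_F_CAPPED		0x100
#define NLM_F_ACK_TLVS		0x200
#define NLMSGERR_ATTR_MSG	1

/* Payload length without the outer header, as libbpf's nlmsg_len() helper (assumed). */
static int nlmsg_len(const struct nlmsghdr *nlh)
{
	return nlh->nlmsg_len - NLMSG_HDRLEN;
}

/* Bytes from the start of the nlmsgerr to the first attribute: the nlmsgerr itself,
 * plus the echoed request payload unless the reply was capped. */
static int errormsg_hlen(const struct nlmsghdr *nlh)
{
	const struct nlmsgerr *err = NLMSG_DATA(nlh);
	int hlen = sizeof(*err);

	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
		hlen += nlmsg_len(&err->msg);
	return hlen;
}

static const struct nlattr *first_attr(const struct nlmsghdr *nlh)
{
	return (const struct nlattr *)((const char *)NLMSG_DATA(nlh) + errormsg_hlen(nlh));
}

/* Expression removed by the patch: hlen is measured from err, nlmsg_len from nlh. */
int alen_before_fix(const struct nlmsghdr *nlh)
{
	return nlh->nlmsg_len - errormsg_hlen(nlh);
}

/* Expression added by the patch: end of the whole message minus the attribute start. */
int alen_after_fix(const struct nlmsghdr *nlh)
{
	return (int)((const char *)nlh + nlh->nlmsg_len - (const char *)first_attr(nlh));
}

/* Construct an NLMSG_ERROR reply with NLM_F_ACK_TLVS and one NLMSGERR_ATTR_MSG string.
 * Sample data, not a real kernel reply. echoed_payload bytes of the original request
 * follow err->msg when the reply is not capped; must be a multiple of 4. */
size_t build_sample_errormsg(char *buf, size_t bufsz, const char *text,
			     int capped, int echoed_payload)
{
	size_t text_len = strlen(text) + 1;
	size_t attr_len = NLA_HDRLEN + text_len;
	size_t echoed = capped ? 0 : (size_t)echoed_payload;
	size_t total = NLMSG_HDRLEN + sizeof(struct nlmsgerr) + echoed + NLMSG_ALIGN(attr_len);
	struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
	struct nlmsgerr *err;
	struct nlattr *attr;

	if (total > bufsz || (echoed % 4) != 0)
		return 0;
	memset(buf, 0, total);
	nlh->nlmsg_len = total;
	nlh->nlmsg_type = 2;	/* NLMSG_ERROR */
	nlh->nlmsg_flags = NLM_F_ACK_TLVS | (capped ? NLM_F_CAPPED : 0);
	err = NLMSG_DATA(nlh);
	err->error = -22;	/* -EINVAL */
	/* A capped reply keeps the request's length in the inner header but carries
	 * no payload, which is why hlen must ignore it in that case. */
	err->msg.nlmsg_len = NLMSG_HDRLEN + (capped ? 64 : (int)echoed);
	attr = (struct nlattr *)((char *)err + sizeof(*err) + echoed);
	attr->nla_len = attr_len;
	attr->nla_type = NLMSGERR_ATTR_MSG;
	memcpy((char *)attr + NLA_HDRLEN, text, text_len);
	return total;
}

static const struct nlmsghdr *sample(int capped)
{
	static uint32_t storage[32];	/* word-aligned backing store for the message */

	if (!build_sample_errormsg((char *)storage, sizeof(storage), "Invalid argument", capped, 8))
		return NULL;
	return (const struct nlmsghdr *)storage;
}

/* How many bytes the pre-patch alen exceeds the post-patch alen by (sizeof nlmsghdr). */
int alen_overshoot(int capped)
{
	const struct nlmsghdr *nlh = sample(capped);

	return nlh ? alen_before_fix(nlh) - alen_after_fix(nlh) : -1;
}

/* 1 if a parser trusting the chosen alen stays inside the received message, else 0. */
int alen_in_bounds(int capped, int use_fix)
{
	const struct nlmsghdr *nlh = sample(capped);
	int alen = use_fix ? alen_after_fix(nlh) : alen_before_fix(nlh);
	const char *end = (const char *)first_attr(nlh) + alen;

	return end <= (const char *)nlh + nlh->nlmsg_len;
}

int main(void)
{
	int capped;

	for (capped = 1; capped >= 0; capped--)
		printf("capped=%d: old alen overshoots by %d bytes (in bounds: old=%d, new=%d)\n",
		       capped, alen_overshoot(capped),
		       alen_in_bounds(capped, 0), alen_in_bounds(capped, 1));
	return 0;
}
```

In both the capped and the uncapped case the old expression returns 16 bytes more than the message actually holds, which is exactly one `struct nlmsghdr`; a parser that trusted it would read those 16 bytes from beyond the received data, which matches the uninitialized-memory access the commit message describes.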


Thread overview: 22+ messages
2023-02-08 20:56 [PATCH bpf-next 0/9] selftests/bpf: Add Memory Sanitizer support Ilya Leoshkevich
2023-02-08 20:56 ` [PATCH bpf-next 1/9] selftests/bpf: Quote host tools Ilya Leoshkevich
2023-02-08 20:56 ` [PATCH bpf-next 2/9] tools: runqslower: Add EXTRA_CFLAGS and EXTRA_LDFLAGS support Ilya Leoshkevich
2023-02-09  1:00   ` Andrii Nakryiko
2023-02-08 20:56 ` [PATCH bpf-next 3/9] selftests/bpf: Split SAN_CFLAGS and SAN_LDFLAGS Ilya Leoshkevich
2023-02-08 20:56 ` [PATCH bpf-next 4/9] selftests/bpf: Forward SAN_CFLAGS and SAN_LDFLAGS to runqslower and libbpf Ilya Leoshkevich
2023-02-09  1:03   ` Andrii Nakryiko
2023-02-09  9:55     ` Ilya Leoshkevich
2023-02-09 17:17       ` Andrii Nakryiko
2023-02-08 20:56 ` [PATCH bpf-next 5/9] selftests/bpf: Attach to fopen()/fclose() in uprobe_autoattach Ilya Leoshkevich
2023-02-09  1:05   ` Andrii Nakryiko
2023-02-08 20:56 ` [PATCH bpf-next 6/9] selftests/bpf: Attach to fopen()/fclose() in attach_probe Ilya Leoshkevich
2023-02-09  1:06   ` Andrii Nakryiko
2023-02-08 20:56 ` Ilya Leoshkevich [this message]
2023-02-09  1:14   ` [PATCH bpf-next 7/9] libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() Andrii Nakryiko
2023-02-08 20:56 ` [PATCH bpf-next 8/9] libbpf: Add MSan annotations Ilya Leoshkevich
2023-02-09  1:29   ` Andrii Nakryiko
2023-02-09 10:01     ` Ilya Leoshkevich
2023-02-09 19:37       ` Andrii Nakryiko
2023-02-08 20:56 ` [PATCH bpf-next 9/9] selftests/bpf: " Ilya Leoshkevich
2023-02-09  1:34   ` Andrii Nakryiko
2023-02-09 10:30     ` Ilya Leoshkevich
