BPF List
From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>
Cc: bpf@vger.kernel.org, Heiko Carstens <hca@linux.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>,
	Alexander Gordeev <agordeev@linux.ibm.com>,
	Ilya Leoshkevich <iii@linux.ibm.com>
Subject: [PATCH bpf-next v2 07/16] libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
Date: Fri, 10 Feb 2023 01:12:01 +0100
Message-ID: <20230210001210.395194-8-iii@linux.ibm.com>
In-Reply-To: <20230210001210.395194-1-iii@linux.ibm.com>

The code assumes that everything that comes after nlmsgerr are nlattrs.
When calculating their size, it does not account for the initial
nlmsghdr. This may lead to accessing uninitialized memory.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tools/lib/bpf/nlattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/lib/bpf/nlattr.c b/tools/lib/bpf/nlattr.c
index 3900d052ed19..975e265eab3b 100644
--- a/tools/lib/bpf/nlattr.c
+++ b/tools/lib/bpf/nlattr.c
@@ -178,7 +178,7 @@ int libbpf_nla_dump_errormsg(struct nlmsghdr *nlh)
 		hlen += nlmsg_len(&err->msg);
 
 	attr = (struct nlattr *) ((void *) err + hlen);
-	alen = nlh->nlmsg_len - hlen;
+	alen = (void *)nlh + nlh->nlmsg_len - (void *)attr;
 
 	if (libbpf_nla_parse(tb, NLMSGERR_ATTR_MAX, attr, alen,
 			     extack_policy) != 0) {
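
Review bot: the new alen on the `+` line is only meaningful while attr still lies inside the message, and nothing in the visible hunk checks that. hlen has just been increased by nlmsg_len(&err->msg), a length read from the message itself, so attr can land past (void *)nlh + nlh->nlmsg_len; the subtraction then produces a negative length (or a very large one if alen is unsigned) that is handed straight to libbpf_nla_parse(). Consider returning early when attr is beyond the end of the message before calling the parser. A one-line comment noting that hlen is measured from err, not from nlh, would also make it clear why the pointer form is needed instead of `nlh->nlmsg_len - hlen`.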
-- 
2.39.1

