From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59023C43381 for ; Wed, 6 Jan 2021 17:42:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 26AA023136 for ; Wed, 6 Jan 2021 17:42:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727251AbhAFRlr (ORCPT ); Wed, 6 Jan 2021 12:41:47 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:20404 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727741AbhAFRlp (ORCPT ); Wed, 6 Jan 2021 12:41:45 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609954819; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q1MVJV23rzhHmpdk2zEeUSOCj3KMipI7dPGLT5s4mXo=; b=VwQhzur46SbOT5BrYYi3Nx9qpdprAHwtVGWtwFPbqCT0AVGudHgubH9c5G2SDTMLK2JdHX DRI1F4ermsl/N+xX0bvb/50cOKP5xkXGSGdIMzK2HYIcf5Dma4Z3TmK7xr+MPD5cancGq2 HZv1JWlY7psfLd+/24035YTTLLqy+KQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-593-b_I-VHIKMvyWMuReIdF9gg-1; Wed, 06 Jan 2021 12:40:17 -0500 X-MC-Unique: b_I-VHIKMvyWMuReIdF9gg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5E2BD18C8C00; Wed, 6 Jan 2021 17:40:15 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-112-8.rdu2.redhat.com [10.10.112.8]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8FE5A5B6A2; Wed, 6 Jan 2021 17:40:13 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: <548097.1609952225@warthog.procyon.org.uk> References: <548097.1609952225@warthog.procyon.org.uk> <20201229173916.1459499-1-trix@redhat.com> <259549.1609764646@warthog.procyon.org.uk> To: Tom Rix Cc: dhowells@redhat.com, davem@davemloft.net, kuba@kernel.org, natechancellor@gmail.com, ndesaulniers@google.com, linux-afs@lists.infradead.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com Subject: Re: [PATCH] rxrpc: fix handling of an unsupported token type in rxrpc_read() MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <675149.1609954812.1@warthog.procyon.org.uk> Content-Transfer-Encoding: quoted-printable Date: Wed, 06 Jan 2021 17:40:12 +0000 Message-ID: <675150.1609954812@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org David Howells wrote: > How about this? > ... > Fix the second loop so that it doesn't encode the size and type of a= n > unsupported token, but rather just ignore it as does the first loop. Actually, a better way is probably just to error out in this case. This should only happen if a new token type is incompletely implemented. David --- commit e68ef16f59aa57564761b21e5ecb2ebbd72d1c57 Author: David Howells Date: Wed Jan 6 16:21:40 2021 +0000 rxrpc: Fix handling of an unsupported token type in rxrpc_read() = Clang static analysis reports the following: = net/rxrpc/key.c:657:11: warning: Assigned value is garbage or undefine= d toksize =3D toksizes[tok++]; ^ ~~~~~~~~~~~~~~~ = rxrpc_read() contains two consecutive loops. The first loop calculate= s the token sizes and stores the results in toksizes[] and the second one us= es the array. When there is an error in identifying the token in the fir= st loop, the token is skipped, no change is made to the toksizes[] array. When the same error happens in the second loop, the token is not skipp= ed. This will cause the toksizes[] array to be out of step and will overru= n past the calculated sizes. = Fix this by making both loops log a message and return an error in thi= s case. This should only happen if a new token type is incompletely implemented, so it should normally be impossible to trigger this. = Fixes: 9a059cd5ca7d ("rxrpc: Downgrade the BUG() for unsupported token= type in rxrpc_read()") Reported-by: Tom Rix Signed-off-by: David Howells diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c index 9631aa8543b5..8d2073e0e3da 100644 --- a/net/rxrpc/key.c +++ b/net/rxrpc/key.c @@ -598,7 +598,7 @@ static long rxrpc_read(const struct key *key, default: /* we have a ticket we can't encode */ pr_err("Unsupported key token type (%u)\n", token->security_index); - continue; + return -ENOPKG; } = _debug("token[%u]: toksize=3D%u", ntoks, toksize); @@ -674,7 +674,9 @@ static long rxrpc_read(const struct key *key, break; = default: - break; + pr_err("Unsupported key token type (%u)\n", + token->security_index); + return -ENOPKG; } = ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, =3D=3D,