From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE156C43334 for ; Wed, 6 Jul 2022 01:52:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229941AbiGFBwn (ORCPT ); Tue, 5 Jul 2022 21:52:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45888 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229492AbiGFBwm (ORCPT ); Tue, 5 Jul 2022 21:52:42 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B26A18E24 for ; Tue, 5 Jul 2022 18:52:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D47CD6185A for ; Wed, 6 Jul 2022 01:52:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C114BC341C7; Wed, 6 Jul 2022 01:52:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1657072360; bh=t5D40nU9TTh98U9FXuS7j3NG1FC8HQOisAFYAUt47Ao=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=rNtHyc5pH2dS+0WB8gDQnQ8gnqMSA7pIa2zBrfNH/PgEhtN3CdlkhsM2G7YlNz588 yXasEMVbK3ka4WhqjtVlk53cxJ5LtJQEJ5Zxajd0jXrqQvi8BqzG15362qdZQMc5/d Z/rqxZptivziTBcVBhZFbTHNIvruRawDEsmgsUcLXXaB1qVWaaypOZ4n9okxp+j/9r 4wXgsKrDEvT7UFonT9rhBe4Iuao5aqKL7wFDNPRCadeZOQHun+TV8SIrVlC/wn3baF vsCpktnrErNlUPjJaBKHz2pYX/yaWnnyU9dvXnO0Xfhak72OopdSARu3cRCcZYQHPe sGrVNsebjiRjw== Date: Tue, 5 Jul 2022 18:52:38 -0700 From: Jakub Kicinski To: Hoang Le Cc: jmaloy@redhat.com, maloy@donjonn.com, ying.xue@windriver.com, tung.q.nguyen@dektech.com.au, pabeni@redhat.com, edumazet@google.com, tipc-discussion@lists.sourceforge.net, netdev@vger.kernel.org, davem@davemloft.net, syzbot+a73d24a22eeeebe5f244@syzkaller.appspotmail.com Subject: Re: [net-next] tipc: fix uninit-value in tipc_nl_node_reset_link_stats Message-ID: <20220705185238.1c287512@kernel.org> In-Reply-To: <20220705005058.3971-1-hoang.h.le@dektech.com.au> References: <20220705005058.3971-1-hoang.h.le@dektech.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Tue, 5 Jul 2022 07:50:57 +0700 Hoang Le wrote: > Reported-by: syzbot+a73d24a22eeeebe5f244@syzkaller.appspotmail.com > Acked-by: Jon Maloy > Signed-off-by: Hoang Le Can we get a Fixes tag please? > diff --git a/net/tipc/node.c b/net/tipc/node.c > index b48d97cbbe29..23419a599471 100644 > --- a/net/tipc/node.c > +++ b/net/tipc/node.c > @@ -2561,6 +2561,7 @@ int tipc_nl_node_reset_link_stats(struct sk_buff *skb, struct genl_info *info) > struct net *net = sock_net(skb->sk); > struct tipc_net *tn = tipc_net(net); > struct tipc_link_entry *le; > + int len; > > if (!info->attrs[TIPC_NLA_LINK]) > return -EINVAL; > @@ -2574,7 +2575,14 @@ int tipc_nl_node_reset_link_stats(struct sk_buff *skb, struct genl_info *info) > if (!attrs[TIPC_NLA_LINK_NAME]) > return -EINVAL; > > + len = nla_len(attrs[TIPC_NLA_LINK_NAME]); > + if (len <= 0) > + return -EINVAL; > + > link_name = nla_data(attrs[TIPC_NLA_LINK_NAME]); > + len = min_t(int, len, TIPC_MAX_LINK_NAME); > + if (!memchr(link_name, '\0', len)) > + return -EINVAL; Should we just change the netlink policy for this attribute to NLA_NUL_STRING, then?