From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Alexander Aring <aring@mojatatu.com>,
Stefan Schmidt <stefan@osg.samsung.com>
Subject: [PATCH 4.14 096/100] net: ieee802154: 6lowpan: fix frag reassembly
Date: Thu, 29 Nov 2018 15:13:06 +0100 [thread overview]
Message-ID: <20181129140107.059805029@linuxfoundation.org> (raw)
In-Reply-To: <20181129140058.768942700@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Aring <aring@mojatatu.com>
commit f18fa5de5ba7f1d6650951502bb96a6e4715a948 upstream.
This patch initialize stack variables which are used in
frag_lowpan_compare_key to zero. In my case there are padding bytes in the
structures ieee802154_addr as well in frag_lowpan_compare_key. Otherwise
the key variable contains random bytes. The result is that a compare of
two keys by memcmp works incorrect.
Fixes: 648700f76b03 ("inet: frags: use rhashtables for reassembly units")
Signed-off-by: Alexander Aring <aring@mojatatu.com>
Reported-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ieee802154/6lowpan/6lowpan_i.h | 4 ++--
net/ieee802154/6lowpan/reassembly.c | 14 +++++++-------
2 files changed, 9 insertions(+), 9 deletions(-)
--- a/net/ieee802154/6lowpan/6lowpan_i.h
+++ b/net/ieee802154/6lowpan/6lowpan_i.h
@@ -20,8 +20,8 @@ typedef unsigned __bitwise lowpan_rx_res
struct frag_lowpan_compare_key {
u16 tag;
u16 d_size;
- const struct ieee802154_addr src;
- const struct ieee802154_addr dst;
+ struct ieee802154_addr src;
+ struct ieee802154_addr dst;
};
/* Equivalent of ipv4 struct ipq
--- a/net/ieee802154/6lowpan/reassembly.c
+++ b/net/ieee802154/6lowpan/reassembly.c
@@ -75,14 +75,14 @@ fq_find(struct net *net, const struct lo
{
struct netns_ieee802154_lowpan *ieee802154_lowpan =
net_ieee802154_lowpan(net);
- struct frag_lowpan_compare_key key = {
- .tag = cb->d_tag,
- .d_size = cb->d_size,
- .src = *src,
- .dst = *dst,
- };
+ struct frag_lowpan_compare_key key = {};
struct inet_frag_queue *q;
+ key.tag = cb->d_tag;
+ key.d_size = cb->d_size;
+ key.src = *src;
+ key.dst = *dst;
+
q = inet_frag_find(&ieee802154_lowpan->frags, &key);
if (!q)
return NULL;
@@ -372,7 +372,7 @@ int lowpan_frag_rcv(struct sk_buff *skb,
struct lowpan_frag_queue *fq;
struct net *net = dev_net(skb->dev);
struct lowpan_802154_cb *cb = lowpan_802154_cb(skb);
- struct ieee802154_hdr hdr;
+ struct ieee802154_hdr hdr = {};
int err;
if (ieee802154_hdr_peek_addrs(skb, &hdr) < 0)
next prev parent reply other threads:[~2018-11-30 1:33 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-29 14:11 [PATCH 4.14 000/100] 4.14.85-stable review Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 001/100] efi/libstub: arm: support building with clang Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 002/100] ARM: 8766/1: drop no-thumb-interwork in EABI mode Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 003/100] ARM: 8767/1: add support for building ARM kernel with clang Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 004/100] bus: arm-cci: remove unnecessary unreachable() Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 005/100] ARM: trusted_foundations: do not use naked function Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 006/100] usb: core: Fix hub port connection events lost Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 007/100] usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 008/100] usb: dwc3: gadget: Properly check last unaligned/zero chain TRB Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 009/100] usb: dwc3: core: Clean up ULPI device Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 010/100] xhci: Add check for invalid byte size error when UAS devices are connected Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 011/100] usb: xhci: fix timeout for transition from RExit to U0 Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 012/100] ALSA: oss: Use kvzalloc() for local buffer allocations Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 013/100] MAINTAINERS: Add Sasha as a stable branch maintainer Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 014/100] mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 015/100] gpio: dont free unallocated ida on gpiochip_add_data_with_key() error path Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 016/100] iwlwifi: mvm: support sta_statistics() even on older firmware Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 017/100] iwlwifi: mvm: fix regulatory domain update when the firmware starts Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 018/100] iwlwifi: mvm: dont use SAR Geo if basic SAR is not used Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 019/100] brcmfmac: fix reporting support for 160 MHz channels Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 020/100] tools/power/cpupower: fix compilation with STATIC=true Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 021/100] v9fs_dir_readdir: fix double-free on p9stat_read error Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 022/100] selinux: Add __GFP_NOWARN to allocation at str_read() Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 023/100] Input: synaptics - avoid using uninitialized variable when probing Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 024/100] bfs: add sanity check at bfs_fill_super() Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 025/100] sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 026/100] gfs2: Dont leave s_fs_info pointing to freed memory in init_sbd Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 027/100] llc: do not use sk_eat_skb() Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 028/100] mm: dont warn about large allocations for slab Greg Kroah-Hartman
2018-11-29 14:11 ` [PATCH 4.14 029/100] mm/memory.c: recheck page table entry with page table lock held Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 030/100] tcp: do not release socket ownership in tcp_close() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 031/100] IB/core: Perform modify QP on real one Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 032/100] usb: xhci: Prevent bus suspend if a port connect change or polling state is detected Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 033/100] drm/ast: change resolution may cause screen blurred Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 034/100] drm/ast: fixed cursor may disappear sometimes Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 035/100] drm/ast: Remove existing framebuffers before loading driver Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 036/100] can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 037/100] can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 038/100] can: dev: __can_get_echo_skb(): Dont crash the kernel if can_priv::echo_skb is accessed out of bounds Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 039/100] can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 040/100] can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 041/100] can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 042/100] can: raw: check for CAN FD capable netdev in raw_sendmsg() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 043/100] can: hi311x: Use level-triggered interrupt Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 044/100] ACPICA: AML interpreter: add region addresses in global list during initialization Greg Kroah-Hartman
2018-11-29 14:45 ` Jean Delvare
2018-11-29 15:01 ` Greg Kroah-Hartman
2018-11-29 18:56 ` Schmauss, Erik
2018-11-29 19:21 ` Greg Kroah-Hartman
2018-11-29 19:34 ` Jean Delvare
2018-11-29 19:36 ` Schmauss, Erik
2018-11-30 8:03 ` Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 045/100] IB/hfi1: Eliminate races in the SDMA send error path Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 046/100] pinctrl: meson: fix pinconf bias disable Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 047/100] KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 048/100] cpufreq: imx6q: add return value check for voltage scale Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 049/100] rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 050/100] crypto: simd - correctly take reqsize of wrapped skcipher into account Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 051/100] floppy: fix race condition in __floppy_read_block_0() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 052/100] powerpc/io: Fix the IO workarounds code to work with Radix Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 053/100] perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 054/100] ARM: make lookup_processor_type() non-__init Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 055/100] ARM: clean up per-processor check_bugs method call Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 056/100] ARM: add PROC_VTABLE and PROC_TABLE macros Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 057/100] ARM: spectre-v2: per-CPU vtables to work around big.Little systems Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 058/100] SUNRPC: Fix a bogus get/put in generic_key_to_expire() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 059/100] kdb: Use strscpy with destination buffer size Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 060/100] powerpc/numa: Suppress "VPHN is not supported" messages Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 061/100] efi/arm: Revert deferred unmap of early memmap mapping Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 062/100] z3fold: fix possible reclaim races Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 063/100] tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 064/100] mm, page_alloc: check for max order in hot path Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 065/100] of: add helper to lookup compatible child node Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 066/100] NFC: nfcmrvl_uart: fix OF child-node lookup Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 067/100] net: bcmgenet: " Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 068/100] drm/mediatek: fix OF sibling-node lookup Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 069/100] power: supply: twl4030-charger: " Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 070/100] arm64: remove no-op -p linker flag Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 071/100] xhci: Allow more than 32 quirks Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 072/100] xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 073/100] mtd: rawnand: atmel: fix OF child-node lookup Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 074/100] ubi: fastmap: Check each mapping only once Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 075/100] Input: xpad - add PDP device id 0x02a4 Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 076/100] Input: xpad - fix some coding style issues Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 077/100] Input: xpad - avoid using __set_bit() for capabilities Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 078/100] Input: xpad - add support for Xbox1 PDP Camo series gamepad Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 079/100] iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 080/100] kbuild: allow to use GCC toolchain not in Clang search path Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 081/100] PCI: endpoint: Populate func_no before calling pci_epc_add_epf() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 082/100] net/mlx4_core: Fix wrong calculation of free counters Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 083/100] i40iw: Fix memory leak in error path of create QP Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 084/100] rtc: omap: fix error path when pinctrl_register fails Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 085/100] clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 086/100] ARM: dts: exynos: Fix invalid node referenced by i2c20 alias in Peach Pit and Pi Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 087/100] driver core: Move device_links_purge() after bus_remove_device() Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 088/100] include/linux/pfn_t.h: force ~ to be parsed as an unary operator Greg Kroah-Hartman
2018-11-29 14:12 ` [PATCH 4.14 089/100] tty: wipe buffer Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 090/100] tty: wipe buffer if not echoing data Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 091/100] usb: xhci: fix uninitialized completion when USB3 port got wrong status Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 092/100] namei: allow restricted O_CREAT of FIFOs and regular files Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 093/100] lan78xx: Read MAC address from DT if present Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 094/100] s390/mm: Check for valid vma before zapping in gmap_discard Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 095/100] rcu: Make need_resched() respond to urgent RCU-QS needs Greg Kroah-Hartman
2018-11-29 14:13 ` Greg Kroah-Hartman [this message]
2018-11-29 14:13 ` [PATCH 4.14 097/100] ima: always measure and audit files in policy Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 098/100] EVM: Add support for portable signature format Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 099/100] ima: re-introduce own integrity cache lock Greg Kroah-Hartman
2018-11-29 14:13 ` [PATCH 4.14 100/100] ima: re-initialize iint->atomic_flags Greg Kroah-Hartman
2018-11-29 19:51 ` [PATCH 4.14 000/100] 4.14.85-stable review kernelci.org bot
2018-11-29 20:32 ` shuah
2018-11-30 7:12 ` Naresh Kamboju
2018-11-30 14:20 ` Guenter Roeck
2018-11-30 15:18 ` Greg Kroah-Hartman
2018-11-30 15:29 ` Greg Kroah-Hartman
2018-12-03 11:38 ` Jon Hunter
2018-11-30 22:28 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181129140107.059805029@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=aring@mojatatu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=stefan@osg.samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).