From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+c56449ed3652e6720f30@syzkaller.appspotmail.com,
Jon Maloy <jon.maloy@ericsson.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.9 09/71] ipv6: explicitly initialize udp6_addr in udp_sock_create6()
Date: Mon, 7 Jan 2019 13:32:38 +0100 [thread overview]
Message-ID: <20190107105330.874291421@linuxfoundation.org> (raw)
In-Reply-To: <20190107105330.280153213@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cong Wang <xiyou.wangcong@gmail.com>
[ Upstream commit fb24274546310872eeeaf3d1d53799d8414aa0f2 ]
syzbot reported the use of uninitialized udp6_addr::sin6_scope_id.
We can just set ::sin6_scope_id to zero, as tunnels are unlikely
to use an IPv6 address that needs a scope id and there is no
interface to bind in this context.
For net-next, it looks different as we have cfg->bind_ifindex there
so we can probably call ipv6_iface_scope_id().
Same for ::sin6_flowinfo, tunnels don't use it.
Fixes: 8024e02879dd ("udp: Add udp_sock_create for UDP tunnels to open listener socket")
Reported-by: syzbot+c56449ed3652e6720f30@syzkaller.appspotmail.com
Cc: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_udp_tunnel.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/ipv6/ip6_udp_tunnel.c
+++ b/net/ipv6/ip6_udp_tunnel.c
@@ -15,7 +15,7 @@
int udp_sock_create6(struct net *net, struct udp_port_cfg *cfg,
struct socket **sockp)
{
- struct sockaddr_in6 udp6_addr;
+ struct sockaddr_in6 udp6_addr = {};
int err;
struct socket *sock = NULL;
@@ -42,6 +42,7 @@ int udp_sock_create6(struct net *net, st
goto error;
if (cfg->peer_udp_port) {
+ memset(&udp6_addr, 0, sizeof(udp6_addr));
udp6_addr.sin6_family = AF_INET6;
memcpy(&udp6_addr.sin6_addr, &cfg->peer_ip6,
sizeof(udp6_addr.sin6_addr));
next prev parent reply other threads:[~2019-01-07 13:12 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-07 12:32 [PATCH 4.9 00/71] 4.9.149-stable review Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 01/71] NFC: nxp-nci: Include unaligned.h instead of access_ok.h Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 02/71] ip6mr: Fix potential Spectre v1 vulnerability Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 03/71] ipv4: " Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 04/71] net: core: Fix " Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 05/71] phonet: af_phonet: " Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 06/71] ax25: fix a use-after-free in ax25_fillin_cb() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 07/71] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 08/71] ieee802154: lowpan_header_create check must check daddr Greg Kroah-Hartman
2019-01-07 12:32 ` Greg Kroah-Hartman [this message]
2019-01-07 12:32 ` [PATCH 4.9 10/71] ipv6: tunnels: fix two use-after-free Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 11/71] isdn: fix kernel-infoleak in capi_unlocked_ioctl Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 12/71] net: ipv4: do not handle duplicate fragments as overlapping Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 13/71] net: phy: Fix the issue that netif always links up after resuming Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 14/71] netrom: fix locking in nr_find_socket() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 15/71] net/wan: fix a double free in x25_asy_open_tty() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 16/71] packet: validate address length Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 17/71] packet: validate address length if non-zero Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 18/71] sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 19/71] tipc: fix a double kfree_skb() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 20/71] vhost: make sure used idx is seen before log in vhost_add_used_n() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 21/71] VSOCK: Send reset control packet when socket is partially bound Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 22/71] xen/netfront: tolerate frags with no data Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 23/71] tipc: use lock_sock() in tipc_sk_reinit() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 24/71] tipc: compare remote and local protocols in tipc_udp_enable() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 25/71] gro_cell: add napi_disable in gro_cells_destroy Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 26/71] net/mlx5e: Remove the false indication of software timestamping support Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 27/71] net/mlx5: Typo fix in del_sw_hw_rule Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 28/71] sock: Make sock->sk_stamp thread-safe Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 29/71] ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() Greg Kroah-Hartman
2019-01-07 12:32 ` [PATCH 4.9 30/71] ALSA: rme9652: Fix potential Spectre v1 vulnerability Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 31/71] ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 32/71] ALSA: pcm: Fix potential Spectre v1 vulnerability Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 33/71] ALSA: emux: Fix potential Spectre v1 vulnerabilities Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 34/71] mtd: atmel-quadspi: disallow building on ebsa110 Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 35/71] ALSA: hda: add mute LED support for HP EliteBook 840 G4 Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 36/71] ALSA: hda/tegra: clear pending irq handlers Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 37/71] USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 38/71] USB: serial: option: add Fibocom NL678 series Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 39/71] usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 40/71] staging: wilc1000: fix missing read_write setting when reading data Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 41/71] qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 42/71] Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 43/71] KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 44/71] platform-msi: Free descriptors in platform_msi_domain_free() Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 45/71] perf pmu: Suppress potential format-truncation warning Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 46/71] ext4: fix possible use after free in ext4_quota_enable Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 47/71] ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 48/71] ext4: fix EXT4_IOC_GROUP_ADD ioctl Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 49/71] ext4: include terminating u32 in size of xattr entries when expanding inodes Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 50/71] ext4: force inode writes when nfsd calls commit_metadata() Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 51/71] ext4: check for shutdown and r/o file system in ext4_write_inode() Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 52/71] spi: bcm2835: Fix race on DMA termination Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 53/71] spi: bcm2835: Fix book-keeping of " Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 54/71] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 55/71] clk: rockchip: fix typo in rk3188 spdif_frac parent Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 56/71] cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 57/71] Btrfs: fix fsync of files with multiple hard links in new directories Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 58/71] btrfs: run delayed items before dropping the snapshot Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 59/71] powerpc/tm: Set MSR[TS] just prior to recheckpoint Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 60/71] f2fs: fix validation of the block count in sanity_check_raw_super Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 61/71] serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 62/71] media: vivid: free bitmap_cap when updating std/timings/etc Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 63/71] media: v4l2-tpg: array index could become negative Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 64/71] MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 65/71] MIPS: Align kernel load address to 64KB Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 66/71] MIPS: OCTEON: mark RGMII interface disabled on OCTEON III Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 67/71] CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 68/71] x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 69/71] arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 70/71] rtc: m41t80: Correct alarm month range with RTC reads Greg Kroah-Hartman
2019-01-07 12:33 ` [PATCH 4.9 71/71] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x Greg Kroah-Hartman
2019-01-07 14:40 ` [PATCH 4.9 00/71] 4.9.149-stable review Daniel Díaz
2019-01-07 14:54 ` Greg Kroah-Hartman
2019-01-07 15:03 ` Greg Kroah-Hartman
2019-01-07 14:52 ` Greg Kroah-Hartman
2019-01-07 15:53 ` Greg Kroah-Hartman
2019-01-08 7:55 ` Naresh Kamboju
2019-01-07 22:33 ` shuah
2019-01-07 22:37 ` shuah
2019-01-08 4:57 ` Guenter Roeck
2019-01-08 12:18 ` Greg Kroah-Hartman
2019-01-08 12:19 ` Greg Kroah-Hartman
2019-01-09 10:46 ` Jon Hunter
2019-01-08 23:05 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190107105330.874291421@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=jon.maloy@ericsson.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+c56449ed3652e6720f30@syzkaller.appspotmail.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).