WSL2-Linux-Kernel/net/tipc
Hoang Le 92a930fcf4 tipc: check attribute length for bearer name
[ Upstream commit 7f36f798f8 ]

syzbot reported uninit-value:
=====================================================
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]
BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725
 string_nocheck lib/vsprintf.c:644 [inline]
 string+0x4f9/0x6f0 lib/vsprintf.c:725
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283
 vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50
 _printk+0x18d/0x1cf kernel/printk/printk.c:2293
 tipc_enable_bearer net/tipc/bearer.c:371 [inline]
 __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033
 tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042
 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]

- Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.
- Do not use 'illegal name' in printing message.

Reported-by: syzbot+e820fdc8ce362f2dea51@syzkaller.appspotmail.com
Fixes: cb30a63384 ("tipc: refactor function tipc_enable_bearer()")
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Link: https://lore.kernel.org/r/20220602063053.5892-1-hoang.h.le@dektech.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-14 18:36:13 +02:00
..
Kconfig
Makefile
addr.c
addr.h
bcast.c
bcast.h
bearer.c tipc: check attribute length for bearer name 2022-06-14 18:36:13 +02:00
bearer.h
core.c
core.h
crypto.c tipc: fix a bit overflow in tipc_crypto_key_rcv() 2022-03-08 19:12:30 +01:00
crypto.h
diag.c
discover.c
discover.h
eth_media.c
group.c
group.h
ib_media.c
link.c tipc: fix incorrect order of state message data sanity check 2022-03-16 14:23:38 +01:00
link.h
monitor.c tipc: improve size validations for received domain records 2022-02-11 09:10:26 +01:00
monitor.h
msg.c
msg.h
name_distr.c tipc: rate limit warning for received illegal binding update 2022-02-16 12:56:30 +01:00
name_distr.h
name_table.c tipc: Fix end of loop tests for list_for_each_entry() 2022-03-02 11:47:56 +01:00
name_table.h
net.c
net.h
netlink.c
netlink.h
netlink_compat.c
node.c tipc: fix wrong notification node addresses 2022-02-23 12:03:14 +01:00
node.h
socket.c tipc: fix the timer expires after interval 100ms 2022-04-08 14:23:43 +02:00
socket.h
subscr.c
subscr.h
sysctl.c
topsrv.c
topsrv.h
trace.c
trace.h
udp_media.c
udp_media.h