Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dcf1158b authored by Neal Cardwell's avatar Neal Cardwell Committed by David S. Miller
Browse files

tcp: return sizeof tcp_dctcp_info in dctcp_get_info() 



Make sure that dctcp_get_info() returns only the size of the
info->dctcp struct that it zeroes out and fills in. Previously it had
been returning the size of the enclosing tcp_cc_info union,
sizeof(*info).  There is no problem yet, but that union that may one
day be larger than struct tcp_dctcp_info, in which case the
TCP_CC_INFO code might accidentally copy uninitialized bytes from the
stack.

Signed-off-by: default avatarNeal Cardwell <ncardwell@google.com>
Signed-off-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a5e27d18

net/ipv4/tcp_dctcp.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -293,7 +293,7 @@ static size_t dctcp_get_info(struct sock *sk, u32 ext, int *attr, 
	 */

	 */

	if (ext & (1 << (INET_DIAG_DCTCPINFO - 1)) ||

	if (ext & (1 << (INET_DIAG_DCTCPINFO - 1)) ||

	    ext & (1 << (INET_DIAG_VEGASINFO - 1))) {

	    ext & (1 << (INET_DIAG_VEGASINFO - 1))) {

		memset(info, 0, sizeof(struct tcp_dctcp_info));

		memset(&info->dctcp, 0, sizeof(info->dctcp));

		if (inet_csk(sk)->icsk_ca_ops != &dctcp_reno) {

		if (inet_csk(sk)->icsk_ca_ops != &dctcp_reno) {

			info->dctcp.dctcp_enabled = 1;

			info->dctcp.dctcp_enabled = 1;

			info->dctcp.dctcp_ce_state = (u16) ca->ce_state;

			info->dctcp.dctcp_ce_state = (u16) ca->ce_state;
@@ -303,7 +303,7 @@ static size_t dctcp_get_info(struct sock *sk, u32 ext, int *attr, 
		}

		}





		*attr = INET_DIAG_DCTCPINFO;

		*attr = INET_DIAG_DCTCPINFO;

		return sizeof(*info);

		return sizeof(info->dctcp);

	}

	}

	return 0;

	return 0;

}

}