Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9ef1d4c7 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETLINK]: Missing initializations in dumped data 



Mostly missing initialization of padding fields of 1 or 2 bytes length,
two instances of uninitialized nlmsgerr->msg of 16 bytes length.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b3563c4f

net/core/neighbour.c

+6 −0
Original line number Original line Diff line number Diff line
@@ -1598,6 +1598,8 @@ static int neightbl_fill_info(struct neigh_table *tbl, struct sk_buff *skb, 




	read_lock_bh(&tbl->lock);

	read_lock_bh(&tbl->lock);

	ndtmsg->ndtm_family = tbl->family;

	ndtmsg->ndtm_family = tbl->family;

	ndtmsg->ndtm_pad1   = 0;

	ndtmsg->ndtm_pad2   = 0;





	RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);

	RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);

	RTA_PUT_MSECS(skb, NDTA_GC_INTERVAL, tbl->gc_interval);

	RTA_PUT_MSECS(skb, NDTA_GC_INTERVAL, tbl->gc_interval);
@@ -1683,6 +1685,8 @@ static int neightbl_fill_param_info(struct neigh_table *tbl, 




	read_lock_bh(&tbl->lock);

	read_lock_bh(&tbl->lock);

	ndtmsg->ndtm_family = tbl->family;

	ndtmsg->ndtm_family = tbl->family;

	ndtmsg->ndtm_pad1   = 0;

	ndtmsg->ndtm_pad2   = 0;

	RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);

	RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);





	if (neightbl_fill_parms(skb, parms) < 0)

	if (neightbl_fill_parms(skb, parms) < 0)
@@ -1872,6 +1876,8 @@ static int neigh_fill_info(struct sk_buff *skb, struct neighbour *n, 
	struct ndmsg *ndm = NLMSG_DATA(nlh);

	struct ndmsg *ndm = NLMSG_DATA(nlh);





	ndm->ndm_family	 = n->ops->family;

	ndm->ndm_family	 = n->ops->family;

	ndm->ndm_pad1    = 0;

	ndm->ndm_pad2    = 0;

	ndm->ndm_flags	 = n->flags;

	ndm->ndm_flags	 = n->flags;

	ndm->ndm_type	 = n->type;

	ndm->ndm_type	 = n->type;

	ndm->ndm_ifindex = n->dev->ifindex;

	ndm->ndm_ifindex = n->dev->ifindex;

net/core/rtnetlink.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -189,6 +189,7 @@ static int rtnetlink_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, 
	nlh = NLMSG_NEW(skb, pid, seq, type, sizeof(*r), flags);

	nlh = NLMSG_NEW(skb, pid, seq, type, sizeof(*r), flags);

	r = NLMSG_DATA(nlh);

	r = NLMSG_DATA(nlh);

	r->ifi_family = AF_UNSPEC;

	r->ifi_family = AF_UNSPEC;

	r->__ifi_pad = 0;

	r->ifi_type = dev->type;

	r->ifi_type = dev->type;

	r->ifi_index = dev->ifindex;

	r->ifi_index = dev->ifindex;

	r->ifi_flags = dev_get_flags(dev);

	r->ifi_flags = dev_get_flags(dev);

net/core/wireless.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -1102,6 +1102,7 @@ static inline int rtnetlink_fill_iwinfo(struct sk_buff * skb, 
	nlh = NLMSG_PUT(skb, 0, 0, type, sizeof(*r));

	nlh = NLMSG_PUT(skb, 0, 0, type, sizeof(*r));

	r = NLMSG_DATA(nlh);

	r = NLMSG_DATA(nlh);

	r->ifi_family = AF_UNSPEC;

	r->ifi_family = AF_UNSPEC;

	r->__ifi_pad = 0;

	r->ifi_type = dev->type;

	r->ifi_type = dev->type;

	r->ifi_index = dev->ifindex;

	r->ifi_index = dev->ifindex;

	r->ifi_flags = dev->flags;

	r->ifi_flags = dev->flags;

net/ipv4/ipmr.c

+8 −2
Original line number Original line Diff line number Diff line
@@ -297,6 +297,7 @@ static int vif_delete(int vifi) 
static void ipmr_destroy_unres(struct mfc_cache *c)

static void ipmr_destroy_unres(struct mfc_cache *c)

{

{

	struct sk_buff *skb;

	struct sk_buff *skb;

	struct nlmsgerr *e;





	atomic_dec(&cache_resolve_queue_len);

	atomic_dec(&cache_resolve_queue_len);
@@ -306,7 +307,9 @@ static void ipmr_destroy_unres(struct mfc_cache *c) 
			nlh->nlmsg_type = NLMSG_ERROR;

			nlh->nlmsg_type = NLMSG_ERROR;

			nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));

			nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));

			skb_trim(skb, nlh->nlmsg_len);

			skb_trim(skb, nlh->nlmsg_len);

			((struct nlmsgerr*)NLMSG_DATA(nlh))->error = -ETIMEDOUT;

			e = NLMSG_DATA(nlh);

			e->error = -ETIMEDOUT;

			memset(&e->msg, 0, sizeof(e->msg));

			netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);

			netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);

		} else

		} else

			kfree_skb(skb);

			kfree_skb(skb);
@@ -499,6 +502,7 @@ static struct mfc_cache *ipmr_cache_alloc_unres(void) 
static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)

static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)

{

{

	struct sk_buff *skb;

	struct sk_buff *skb;

	struct nlmsgerr *e;





	/*

	/*

	 *	Play the pending entries through our router

	 *	Play the pending entries through our router
@@ -515,7 +519,9 @@ static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c) 
				nlh->nlmsg_type = NLMSG_ERROR;

				nlh->nlmsg_type = NLMSG_ERROR;

				nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));

				nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));

				skb_trim(skb, nlh->nlmsg_len);

				skb_trim(skb, nlh->nlmsg_len);

				((struct nlmsgerr*)NLMSG_DATA(nlh))->error = -EMSGSIZE;

				e = NLMSG_DATA(nlh);

				e->error = -EMSGSIZE;

				memset(&e->msg, 0, sizeof(e->msg));

			}

			}

			err = netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);

			err = netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);

		} else

		} else

net/ipv6/addrconf.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -2923,6 +2923,7 @@ static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev, 
	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*r), flags);

	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*r), flags);

	r = NLMSG_DATA(nlh);

	r = NLMSG_DATA(nlh);

	r->ifi_family = AF_INET6;

	r->ifi_family = AF_INET6;

	r->__ifi_pad = 0;

	r->ifi_type = dev->type;

	r->ifi_type = dev->type;

	r->ifi_index = dev->ifindex;

	r->ifi_index = dev->ifindex;

	r->ifi_flags = dev_get_flags(dev);

	r->ifi_flags = dev_get_flags(dev);