mirror
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/net/can
History
Anant Thazhemadam 9aa9379d8f can: af_can: prevent potential access of uninitialized member in canfd_rcv() 
In canfd_rcv(), cfd->len is uninitialized when skb->len = 0, and this
uninitialized cfd->len is accessed nonetheless by pr_warn_once().

Fix this uninitialized variable access by checking cfd->len's validity
condition (cfd->len > CANFD_MAX_DLEN) separately after the skb->len's
condition is checked, and appropriately modify the log messages that
are generated as well.
In case either of the required conditions fail, the skb is freed and
NET_RX_DROP is returned, same as before.

Fixes: d468984688 ("can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once")
Reported-by: syzbot+9bcb0c9409066696d3aa@syzkaller.appspotmail.com
Tested-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201103213906.24219-3-anant.thazhemadam@gmail.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
 		2020-11-15 18:24:33 +01:00
..
j1939 can: j1939: j1939_sk_bind(): return failure if netdev is down 2020-11-03 22:30:31 +01:00
Kconfig can: isotp: Explain PDU in CAN_ISOTP help text 2020-11-03 22:30:31 +01:00
Makefile can: add ISO 15765-2:2016 transport protocol 2020-10-07 23:18:33 +02:00
af_can.c can: af_can: prevent potential access of uninitialized member in canfd_rcv() 2020-11-15 18:24:33 +01:00
af_can.h can: introduce CAN midlayer private and allocate it automatically 2019-09-04 13:29:14 +02:00
bcm.c can: remove obsolete version strings 2020-10-12 10:06:39 +02:00
gw.c can: remove obsolete version strings 2020-10-12 10:06:39 +02:00
isotp.c can: isotp: padlen(): make const array static, makes object smaller 2020-11-03 22:30:32 +01:00
proc.c can: proc: can_remove_proc(): silence remove_proc_entry warning 2020-11-03 22:24:19 +01:00
raw.c can: remove obsolete version strings 2020-10-12 10:06:39 +02:00