diff mbox series

[next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()

Message ID 20210416191236.GA589296@embeddedor (mailing list archive)
State Accepted
Commit e5272ad4aab347dde5610c0aedb786219e3ff793
Delegated to: Netdev Maintainers
Headers show
Series [next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param() | expand

Checks

Context Check Description
netdev/cover_letter success Link
netdev/fixes_present success Link
netdev/patch_count success Link
netdev/tree_selection success Guessed tree name to be net-next
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/source_inline success Was 0 now: 0
netdev/verify_signedoff success Link
netdev/module_param success Was 0 now: 0
netdev/build_32bit success Errors and warnings before: 2 this patch: 2
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/verify_fixes success Link
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_allmodconfig_warn success Errors and warnings before: 2 this patch: 2
netdev/header_inline success Link

Commit Message

Gustavo A. R. Silva April 16, 2021, 7:12 p.m. UTC 
Fix the following out-of-bounds warning:

net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 net/sctp/sm_make_chunk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Kees Cook April 16, 2021, 7:53 p.m. UTC | #1 
On Fri, Apr 16, 2021 at 02:12:36PM -0500, Gustavo A. R. Silva wrote:
> Fix the following out-of-bounds warning:
> 
> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
> 
> This helps with the ongoing efforts to globally enable -Warray-bounds
> and get us closer to being able to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://github.com/KSPP/linux/issues/109
> Reported-by: kernel test robot <lkp@intel.com>
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Yup!

Reviewed-by: Kees Cook <keescook@chromium.org>
Gustavo A. R. Silva April 16, 2021, 8:16 p.m. UTC | #2 
On 4/16/21 14:53, Kees Cook wrote:
> On Fri, Apr 16, 2021 at 02:12:36PM -0500, Gustavo A. R. Silva wrote:
>> Fix the following out-of-bounds warning:
>>
>> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
>>
>> This helps with the ongoing efforts to globally enable -Warray-bounds
>> and get us closer to being able to tighten the FORTIFY_SOURCE routines
>> on memcpy().
>>
>> Link: https://github.com/KSPP/linux/issues/109
>> Reported-by: kernel test robot <lkp@intel.com>
>> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> 
> Yup!

:)

> Reviewed-by: Kees Cook <keescook@chromium.org>

Thanks, Kees.

--
Gustavo
Marcelo Ricardo Leitner April 16, 2021, 9:12 p.m. UTC | #3 
On Fri, Apr 16, 2021 at 02:12:36PM -0500, Gustavo A. R. Silva wrote:
> Fix the following out-of-bounds warning:
> 
> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
> 
> This helps with the ongoing efforts to globally enable -Warray-bounds
> and get us closer to being able to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://github.com/KSPP/linux/issues/109
> Reported-by: kernel test robot <lkp@intel.com>
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Thanks.
Gustavo A. R. Silva April 17, 2021, 12:07 a.m. UTC | #4 
Dave,

On 4/16/21 19:00, patchwork-bot+netdevbpf@kernel.org wrote:
> Hello:
> 
> This patch was applied to netdev/net-next.git (refs/heads/master):
> 
> On Fri, 16 Apr 2021 14:12:36 -0500 you wrote:
>> Fix the following out-of-bounds warning:
>>
>> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
>>
>> This helps with the ongoing efforts to globally enable -Warray-bounds
>> and get us closer to being able to tighten the FORTIFY_SOURCE routines
>> on memcpy().
>>
>> [...]
> 
> Here is the summary with links:
>   - [next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
>     https://git.kernel.org/netdev/net-next/c/e5272ad4aab3

Thanks for this. Can you take these other two, as well, please?

https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/
https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/

Thanks!
--
Gustavo
David Miller April 19, 2021, 10:34 p.m. UTC | #5 
From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
Date: Fri, 16 Apr 2021 19:07:05 -0500

> Dave,
> 
> On 4/16/21 19:00, patchwork-bot+netdevbpf@kernel.org wrote:
>> Hello:
>> 
>> This patch was applied to netdev/net-next.git (refs/heads/master):
>> 
>> On Fri, 16 Apr 2021 14:12:36 -0500 you wrote:
>>> Fix the following out-of-bounds warning:
>>>
>>> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
>>>
>>> This helps with the ongoing efforts to globally enable -Warray-bounds
>>> and get us closer to being able to tighten the FORTIFY_SOURCE routines
>>> on memcpy().
>>>
>>> [...]
>> 
>> Here is the summary with links:
>>   - [next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
>>     https://git.kernel.org/netdev/net-next/c/e5272ad4aab3
> 
> Thanks for this. Can you take these other two, as well, please?
> 
> https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/
> https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/
> 

Done.
Gustavo A. R. Silva April 19, 2021, 10:39 p.m. UTC | #6 
On 4/19/21 17:34, David Miller wrote:

>> Thanks for this. Can you take these other two, as well, please?
>>
>> https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/
>> https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/
>>
> 
> Done.

Thanks, Dave!

--
Gustavo
diff mbox series

Patch

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 54e6a708d06e..5f9a7c028274 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -3147,7 +3147,7 @@  static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
 		 * primary.
 		 */
 		if (af->is_any(&addr))
-			memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
+			memcpy(&addr, sctp_source(asconf), sizeof(addr));
 
 		if (security_sctp_bind_connect(asoc->ep->base.sk,
 					       SCTP_PARAM_SET_PRIMARY,