Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-28 Thread Pablo Neira Ayuso 
On Tue, Aug 11, 2020 at 03:46:40AM -0400, Peilin Ye wrote:
> do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is
> zero. Fix it.

Applied to nf-next, thanks.

Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-12 Thread Pablo Neira Ayuso 
On Tue, Aug 11, 2020 at 02:59:59PM +0200, Simon Horman wrote:
> On Tue, Aug 11, 2020 at 01:29:04PM +0300, Julian Anastasov wrote:
> > 
> > Hello,
> > 
> > On Tue, 11 Aug 2020, Peilin Ye wrote:
> > 
> > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is
> > > zero. Fix it.
> > > 
> > > Reported-by: syzbot+23b5f9e7caf61d9a3...@syzkaller.appspotmail.com
> > > Link: 
> > > https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2
> > > Suggested-by: Julian Anastasov 
> > > Signed-off-by: Peilin Ye 
> > 
> > Looks good to me, thanks!
> > 
> > Acked-by: Julian Anastasov 
> 
> Pablo, could you consider this for nf-next or should we repost when
> net-next re-opens?

No worries, it will sit in netfilter's patchwork until net-next
reopens.

Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-11 Thread Simon Horman 
On Tue, Aug 11, 2020 at 01:29:04PM +0300, Julian Anastasov wrote:
> 
>   Hello,
> 
> On Tue, 11 Aug 2020, Peilin Ye wrote:
> 
> > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is
> > zero. Fix it.
> > 
> > Reported-by: syzbot+23b5f9e7caf61d9a3...@syzkaller.appspotmail.com
> > Link: 
> > https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2
> > Suggested-by: Julian Anastasov 
> > Signed-off-by: Peilin Ye 
> 
>   Looks good to me, thanks!
> 
> Acked-by: Julian Anastasov 

Pablo, could you consider this for nf-next or should we repost when
net-next re-opens?

Reviewed-by: Simon Horman

Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-11 Thread Julian Anastasov 


Hello,

On Tue, 11 Aug 2020, Peilin Ye wrote:

> do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is
> zero. Fix it.
> 
> Reported-by: syzbot+23b5f9e7caf61d9a3...@syzkaller.appspotmail.com
> Link: 
> https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2
> Suggested-by: Julian Anastasov 
> Signed-off-by: Peilin Ye 

Looks good to me, thanks!

Acked-by: Julian Anastasov 

> ---
> Changes in v2:
> - Target net-next tree. (Suggested by Julian Anastasov )
> - Reject all `len == 0` requests except `IP_VS_SO_SET_FLUSH`, instead
>   of initializing `arg`. (Suggested by Cong Wang
>   , Julian Anastasov )
> 
>  net/netfilter/ipvs/ip_vs_ctl.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 412656c34f20..beeafa42aad7 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -2471,6 +2471,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
> *user, unsigned int len)
>   /* Set timeout values for (tcp tcpfin udp) */
>   ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg);
>   goto out_unlock;
> + } else if (!len) {
> + /* No more commands with len == 0 below */
> + ret = -EINVAL;
> + goto out_unlock;
>   }
>  
>   usvc_compat = (struct ip_vs_service_user *)arg;
> @@ -2547,9 +2551,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
> *user, unsigned int len)
>   break;
>   case IP_VS_SO_SET_DELDEST:
>   ret = ip_vs_del_dest(svc, &udest);
> - break;
> - default:
> - ret = -EINVAL;
>   }
>  
>out_unlock:
> -- 
> 2.25.1

Regards

--
Julian Anastasov

[Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-11 Thread Peilin Ye 
do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is
zero. Fix it.

Reported-by: syzbot+23b5f9e7caf61d9a3...@syzkaller.appspotmail.com
Link: 
https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2
Suggested-by: Julian Anastasov 
Signed-off-by: Peilin Ye 
---
Changes in v2:
- Target net-next tree. (Suggested by Julian Anastasov )
- Reject all `len == 0` requests except `IP_VS_SO_SET_FLUSH`, instead
  of initializing `arg`. (Suggested by Cong Wang
  , Julian Anastasov )

 net/netfilter/ipvs/ip_vs_ctl.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 412656c34f20..beeafa42aad7 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2471,6 +2471,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
/* Set timeout values for (tcp tcpfin udp) */
ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg);
goto out_unlock;
+   } else if (!len) {
+   /* No more commands with len == 0 below */
+   ret = -EINVAL;
+   goto out_unlock;
}
 
usvc_compat = (struct ip_vs_service_user *)arg;
@@ -2547,9 +2551,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
break;
case IP_VS_SO_SET_DELDEST:
ret = ip_vs_del_dest(svc, &udest);
-   break;
-   default:
-   ret = -EINVAL;
}
 
   out_unlock:
-- 
2.25.1