Module Name: src Committed By: maxv Date: Fri Aug 31 15:15:23 UTC 2018
Modified Files: src/sys/net: rtsock.c Log Message: Fix buffer overflow, detected by kASan. ifconfig gif0 create ifconfig gif0 up [ 50.682919] kASan: Unauthorized Access In 0xffffffff80f22655: Addr 0xffffffff81b997a0 [8 bytes, read] [ 50.682919] #0 0xffffffff8021ce6a in kasan_memcpy <netbsd> [ 50.692999] #1 0xffffffff80f22655 in m_copyback_internal <netbsd> [ 50.692999] #2 0xffffffff80f22e81 in m_copyback <netbsd> [ 50.692999] #3 0xffffffff8103109a in rt_msg1 <netbsd> [ 50.692999] #4 0xffffffff8159109a in compat_70_rt_newaddrmsg1 <netbsd> [ 50.692999] #5 0xffffffff81031b0f in rt_newaddrmsg <netbsd> [ 50.692999] #6 0xffffffff8102c35e in rt_ifa_addlocal <netbsd> [ 50.692999] #7 0xffffffff80a5287c in in6_update_ifa1 <netbsd> [ 50.692999] #8 0xffffffff80a54149 in in6_update_ifa <netbsd> [ 50.692999] #9 0xffffffff80a59176 in in6_ifattach <netbsd> [ 50.692999] #10 0xffffffff80a56dd4 in in6_if_up <netbsd> [ 50.692999] #11 0xffffffff80fc5cb8 in if_up_locked <netbsd> [ 50.703622] #12 0xffffffff80fcc4c1 in ifioctl_common <netbsd> [ 50.703622] #13 0xffffffff80fde694 in gif_ioctl <netbsd> [ 50.703622] #14 0xffffffff80fcdb1f in doifioctl <netbsd> To generate a diff of this commit: cvs rdiff -u -r1.241 -r1.242 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/net/rtsock.c
diff -u src/sys/net/rtsock.c:1.241 src/sys/net/rtsock.c:1.242
--- src/sys/net/rtsock.c:1.241 Wed Apr 25 03:49:57 2018
+++ src/sys/net/rtsock.c Fri Aug 31 15:15:23 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: rtsock.c,v 1.241 2018/04/25 03:49:57 ozaki-r Exp $ */
+/* $NetBSD: rtsock.c,v 1.242 2018/08/31 15:15:23 maxv Exp $ */
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.241 2018/04/25 03:49:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.242 2018/08/31 15:15:23 maxv Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1221,11 +1221,11 @@ COMPATNAME(rt_msg1)(int type, struct rt_
 m_copyback(m, len, sa->sa_len, sa);
 if (dlen != sa->sa_len) {
 /*
- * Up to 6 + 1 nul's since roundup is to
+ * Up to 7 + 1 nul's since roundup is to
 * sizeof(uint64_t) (8 bytes)
 */
 m_copyback(m, len + sa->sa_len,
- dlen - sa->sa_len, "\0\0\0\0\0\0");
+ dlen - sa->sa_len, "\0\0\0\0\0\0\0");
 }
 len += dlen;
 }
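Review bot: The padding source in the second `m_copyback()` call of the third hunk is still a hand-counted string literal, so the read stays in bounds only because its seven explicit NULs plus the implicit terminator happen to total eight bytes. The kASan report in the log shows an 8-byte read, which suggests the pad length `dlen - sa->sa_len` can reach the full rounding unit (presumably when `sa->sa_len` is 0; `dlen` is computed outside this hunk, so confirm). Tying the buffer to the rounding unit would make the invariant checkable instead of implied: `static const char pad[sizeof(uint64_t)];`, then `KASSERT(dlen - sa->sa_len <= sizeof(pad));` ahead of `m_copyback(m, len + sa->sa_len, dlen - sa->sa_len, pad);`. If the literal stays, the comment should say outright that the "+ 1" is the literal's terminating NUL and that all eight bytes may be copied. The body of `rt_msg1` starts and ends outside the hunk, so any other padding sites in the function were not reviewed here.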