Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tcp: fix out-of-bounds access in ULP sysctl

KASAN reports out-of-bound access in proc_dostring() coming from
proc_tcp_available_ulp() because in case TCP ULP list is empty
the buffer allocated for the response will not have anything
printed into it.  Set the first byte to zero to avoid strlen()
going out-of-bounds.

Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski 8 years ago
parent
239946314e
commit
926f38e974
1 changed files with 1 additions and 0 deletions
Unified View Show Diff Stats
  1. 1 0
      net/ipv4/tcp_ulp.c

+ 1 - 0
net/ipv4/tcp_ulp.c
View File 

@@ -88,6 +88,7 @@ void tcp_get_available_ulp(char *buf, size_t maxlen)
 
 	struct tcp_ulp_ops *ulp_ops;
 
 	struct tcp_ulp_ops *ulp_ops;
 
 	size_t offs = 0;
 
 	size_t offs = 0;
 
 
 
+	*buf = '\0';
 
 	rcu_read_lock();
 
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(ulp_ops, &tcp_ulp_list, list) {
 
 	list_for_each_entry_rcu(ulp_ops, &tcp_ulp_list, list) {
 
 		offs += snprintf(buf + offs, maxlen - offs,
 
 		offs += snprintf(buf + offs, maxlen - offs,