[next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()

Message ID 20210416191236.GA589296@embeddedor
State New
Headers show
Series
  • [next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
Related show

Commit Message

Gustavo A. R. Silva April 16, 2021, 7:12 p.m.
Fix the following out-of-bounds warning:

net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 net/sctp/sm_make_chunk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Kees Cook April 16, 2021, 7:53 p.m. | #1
On Fri, Apr 16, 2021 at 02:12:36PM -0500, Gustavo A. R. Silva wrote:
> Fix the following out-of-bounds warning:
> 
> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
> 
> This helps with the ongoing efforts to globally enable -Warray-bounds
> and get us closer to being able to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://github.com/KSPP/linux/issues/109
> Reported-by: kernel test robot <lkp@intel.com>
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Yup!

Reviewed-by: Kees Cook <keescook@chromium.org>
Marcelo Ricardo Leitner April 16, 2021, 9:12 p.m. | #2
On Fri, Apr 16, 2021 at 02:12:36PM -0500, Gustavo A. R. Silva wrote:
> Fix the following out-of-bounds warning:
> 
> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
> 
> This helps with the ongoing efforts to globally enable -Warray-bounds
> and get us closer to being able to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://github.com/KSPP/linux/issues/109
> Reported-by: kernel test robot <lkp@intel.com>
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Thanks.
Gustavo A. R. Silva April 17, 2021, 12:07 a.m. | #3
Dave,

On 4/16/21 19:00, patchwork-bot+netdevbpf@kernel.org wrote:
> Hello:

> 

> This patch was applied to netdev/net-next.git (refs/heads/master):

> 

> On Fri, 16 Apr 2021 14:12:36 -0500 you wrote:

>> Fix the following out-of-bounds warning:

>>

>> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]

>>

>> This helps with the ongoing efforts to globally enable -Warray-bounds

>> and get us closer to being able to tighten the FORTIFY_SOURCE routines

>> on memcpy().

>>

>> [...]

> 

> Here is the summary with links:

>   - [next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()

>     https://git.kernel.org/netdev/net-next/c/e5272ad4aab3


Thanks for this. Can you take these other two, as well, please?

https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/
https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/

Thanks!
--
Gustavo
David Miller April 19, 2021, 10:34 p.m. | #4
From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>

Date: Fri, 16 Apr 2021 19:07:05 -0500

> Dave,

> 

> On 4/16/21 19:00, patchwork-bot+netdevbpf@kernel.org wrote:

>> Hello:

>> 

>> This patch was applied to netdev/net-next.git (refs/heads/master):

>> 

>> On Fri, 16 Apr 2021 14:12:36 -0500 you wrote:

>>> Fix the following out-of-bounds warning:

>>>

>>> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]

>>>

>>> This helps with the ongoing efforts to globally enable -Warray-bounds

>>> and get us closer to being able to tighten the FORTIFY_SOURCE routines

>>> on memcpy().

>>>

>>> [...]

>> 

>> Here is the summary with links:

>>   - [next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()

>>     https://git.kernel.org/netdev/net-next/c/e5272ad4aab3

> 

> Thanks for this. Can you take these other two, as well, please?

> 

> https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/

> https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/

> 


Done.
Gustavo A. R. Silva April 19, 2021, 10:39 p.m. | #5
On 4/19/21 17:34, David Miller wrote:

>> Thanks for this. Can you take these other two, as well, please?

>>

>> https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/

>> https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/

>>

> 

> Done.


Thanks, Dave!

--
Gustavo

Patch

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 54e6a708d06e..5f9a7c028274 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -3147,7 +3147,7 @@  static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
 		 * primary.
 		 */
 		if (af->is_any(&addr))
-			memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
+			memcpy(&addr, sctp_source(asconf), sizeof(addr));
 
 		if (security_sctp_bind_connect(asoc->ep->base.sk,
 					       SCTP_PARAM_SET_PRIMARY,