Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip

lvs-devel

Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_v

To:	Peilin Ye <yepeilin.cs@xxxxxxxxx>
Subject:	Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl()
Cc:	Wensong Zhang <wensong@xxxxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>, Julian Anastasov <ja@xxxxxx>, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>, Florian Westphal <fw@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Linux Kernel Network Developers <netdev@xxxxxxxxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, NetFilter <netfilter-devel@xxxxxxxxxxxxxxx>, coreteam@xxxxxxxxxxxxx, linux-kernel-mentees@xxxxxxxxxxxxxxxxxxxxxxxxx, syzkaller-bugs <syzkaller-bugs@xxxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>
From:	Cong Wang <xiyou.wangcong@xxxxxxxxx>
Date:	Mon, 10 Aug 2020 20:57:19 -0700

On Mon, Aug 10, 2020 at 3:10 PM Peilin Ye <yepeilin.cs@xxxxxxxxx> wrote:
>
> do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is
> zero. Fix it.

Which exact 'cmd' is it here?

I _guess_ it is one of those uninitialized in set_arglen[], which is 0.
But if that is the case, should it be initialized to
sizeof(struct ip_vs_service_user) instead because ip_vs_copy_usvc_compat()
is called anyway. Or, maybe we should just ban len==0 case.

In either case, it does not look like you fix it correctly.

Thanks.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Cong Wang <= Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Julian Anastasov Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Julian Anastasov Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Simon Horman Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Pablo Neira Ayuso

Previous by Date:	[Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye
Next by Date:	Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye
Previous by Thread:	[Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye
Next by Thread:	Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl(), Peilin Ye
Indexes:	[Date] [Thread] [Top] [All Lists]