Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[NETLINK]: Missing initializations in dumped data
Mostly missing initialization of padding fields of 1 or 2 bytes length,
two instances of uninitialized nlmsgerr->msg of 16 bytes length.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by Patrick McHardy and committed by David S. Miller 9ef1d4c7 b3563c4f
+6
net/core/neighbour.c
+6
net/core/neighbour.c
···
1598
1599
read_lock_bh(&tbl->lock);
1600
ndtmsg->ndtm_family = tbl->family;
1601
1602
RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);
1603
RTA_PUT_MSECS(skb, NDTA_GC_INTERVAL, tbl->gc_interval);
···
1685
1686
read_lock_bh(&tbl->lock);
1687
ndtmsg->ndtm_family = tbl->family;
1688
RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);
1689
1690
if (neightbl_fill_parms(skb, parms) < 0)
···
1876
struct ndmsg *ndm = NLMSG_DATA(nlh);
1877
1878
ndm->ndm_family = n->ops->family;
1879
ndm->ndm_flags = n->flags;
1880
ndm->ndm_type = n->type;
1881
ndm->ndm_ifindex = n->dev->ifindex;
···
1598
1599
read_lock_bh(&tbl->lock);
1600
ndtmsg->ndtm_family = tbl->family;
1601
+
ndtmsg->ndtm_pad1 = 0;
1602
+
ndtmsg->ndtm_pad2 = 0;
1603
1604
RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);
1605
RTA_PUT_MSECS(skb, NDTA_GC_INTERVAL, tbl->gc_interval);
···
1683
1684
read_lock_bh(&tbl->lock);
1685
ndtmsg->ndtm_family = tbl->family;
1686
+
ndtmsg->ndtm_pad1 = 0;
1687
+
ndtmsg->ndtm_pad2 = 0;
1688
RTA_PUT_STRING(skb, NDTA_NAME, tbl->id);
1689
1690
if (neightbl_fill_parms(skb, parms) < 0)
···
1872
struct ndmsg *ndm = NLMSG_DATA(nlh);
1873
1874
ndm->ndm_family = n->ops->family;
1875
+
ndm->ndm_pad1 = 0;
1876
+
ndm->ndm_pad2 = 0;
1877
ndm->ndm_flags = n->flags;
1878
ndm->ndm_type = n->type;
1879
ndm->ndm_ifindex = n->dev->ifindex;
+1
net/core/rtnetlink.c
+1
net/core/rtnetlink.c
+1
net/core/wireless.c
+1
net/core/wireless.c
+8
-2
net/ipv4/ipmr.c
+8
-2
net/ipv4/ipmr.c
···
297
static void ipmr_destroy_unres(struct mfc_cache *c)
298
{
299
struct sk_buff *skb;
300
301
atomic_dec(&cache_resolve_queue_len);
302
···
307
nlh->nlmsg_type = NLMSG_ERROR;
308
nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
309
skb_trim(skb, nlh->nlmsg_len);
310
-
((struct nlmsgerr*)NLMSG_DATA(nlh))->error = -ETIMEDOUT;
311
netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);
312
} else
313
kfree_skb(skb);
···
502
static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
503
{
504
struct sk_buff *skb;
505
506
/*
507
* Play the pending entries through our router
···
519
nlh->nlmsg_type = NLMSG_ERROR;
520
nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
521
skb_trim(skb, nlh->nlmsg_len);
522
-
((struct nlmsgerr*)NLMSG_DATA(nlh))->error = -EMSGSIZE;
523
}
524
err = netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);
525
} else
···
297
static void ipmr_destroy_unres(struct mfc_cache *c)
298
{
299
struct sk_buff *skb;
300
+
struct nlmsgerr *e;
301
302
atomic_dec(&cache_resolve_queue_len);
303
···
306
nlh->nlmsg_type = NLMSG_ERROR;
307
nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
308
skb_trim(skb, nlh->nlmsg_len);
309
+
e = NLMSG_DATA(nlh);
310
+
e->error = -ETIMEDOUT;
311
+
memset(&e->msg, 0, sizeof(e->msg));
312
netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);
313
} else
314
kfree_skb(skb);
···
499
static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
500
{
501
struct sk_buff *skb;
502
+
struct nlmsgerr *e;
503
504
/*
505
* Play the pending entries through our router
···
515
nlh->nlmsg_type = NLMSG_ERROR;
516
nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
517
skb_trim(skb, nlh->nlmsg_len);
518
+
e = NLMSG_DATA(nlh);
519
+
e->error = -EMSGSIZE;
520
+
memset(&e->msg, 0, sizeof(e->msg));
521
}
522
err = netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT);
523
} else
+1
net/ipv6/addrconf.c
+1
net/ipv6/addrconf.c
+9
-1
net/sched/act_api.c
+9
-1
net/sched/act_api.c
···
439
440
t = NLMSG_DATA(nlh);
441
t->tca_family = AF_UNSPEC;
442
443
x = (struct rtattr*) skb->tail;
444
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
···
582
nlh = NLMSG_PUT(skb, pid, n->nlmsg_seq, RTM_DELACTION, sizeof(*t));
583
t = NLMSG_DATA(nlh);
584
t->tca_family = AF_UNSPEC;
585
586
x = (struct rtattr *) skb->tail;
587
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
···
691
nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*t), flags);
692
t = NLMSG_DATA(nlh);
693
t->tca_family = AF_UNSPEC;
694
-
695
x = (struct rtattr*) skb->tail;
696
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
697
···
848
cb->nlh->nlmsg_type, sizeof(*t));
849
t = NLMSG_DATA(nlh);
850
t->tca_family = AF_UNSPEC;
851
852
x = (struct rtattr *) skb->tail;
853
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
···
439
440
t = NLMSG_DATA(nlh);
441
t->tca_family = AF_UNSPEC;
442
+
t->tca__pad1 = 0;
443
+
t->tca__pad2 = 0;
444
445
x = (struct rtattr*) skb->tail;
446
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
···
580
nlh = NLMSG_PUT(skb, pid, n->nlmsg_seq, RTM_DELACTION, sizeof(*t));
581
t = NLMSG_DATA(nlh);
582
t->tca_family = AF_UNSPEC;
583
+
t->tca__pad1 = 0;
584
+
t->tca__pad2 = 0;
585
586
x = (struct rtattr *) skb->tail;
587
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
···
687
nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*t), flags);
688
t = NLMSG_DATA(nlh);
689
t->tca_family = AF_UNSPEC;
690
+
t->tca__pad1 = 0;
691
+
t->tca__pad2 = 0;
692
+
693
x = (struct rtattr*) skb->tail;
694
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
695
···
842
cb->nlh->nlmsg_type, sizeof(*t));
843
t = NLMSG_DATA(nlh);
844
t->tca_family = AF_UNSPEC;
845
+
t->tca__pad1 = 0;
846
+
t->tca__pad2 = 0;
847
848
x = (struct rtattr *) skb->tail;
849
RTA_PUT(skb, TCA_ACT_TAB, 0, NULL);
+2
net/sched/cls_api.c
+2
net/sched/cls_api.c
···
331
nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags);
332
tcm = NLMSG_DATA(nlh);
333
tcm->tcm_family = AF_UNSPEC;
334
+
tcm->tcm__pad1 = 0;
335
+
tcm->tcm__pad1 = 0;
336
tcm->tcm_ifindex = tp->q->dev->ifindex;
337
tcm->tcm_parent = tp->classid;
338
tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol);
+2
net/sched/sch_api.c
+2
net/sched/sch_api.c
+2
net/sched/sch_cbq.c
+2
net/sched/sch_cbq.c