Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/net Fix buffer overflow, detected by kASan.



details:   https://anonhg.NetBSD.org/src/rev/88fb8dae5606
branches:  trunk
changeset: 364988:88fb8dae5606
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Aug 31 15:15:23 2018 +0000

description:
Fix buffer overflow, detected by kASan.

        ifconfig gif0 create
        ifconfig gif0 up

[   50.682919] kASan: Unauthorized Access In 0xffffffff80f22655: Addr 0xffffffff81b997a0 [8 bytes, read]
[   50.682919] #0 0xffffffff8021ce6a in kasan_memcpy <netbsd>
[   50.692999] #1 0xffffffff80f22655 in m_copyback_internal <netbsd>
[   50.692999] #2 0xffffffff80f22e81 in m_copyback <netbsd>
[   50.692999] #3 0xffffffff8103109a in rt_msg1 <netbsd>
[   50.692999] #4 0xffffffff8159109a in compat_70_rt_newaddrmsg1 <netbsd>
[   50.692999] #5 0xffffffff81031b0f in rt_newaddrmsg <netbsd>
[   50.692999] #6 0xffffffff8102c35e in rt_ifa_addlocal <netbsd>
[   50.692999] #7 0xffffffff80a5287c in in6_update_ifa1 <netbsd>
[   50.692999] #8 0xffffffff80a54149 in in6_update_ifa <netbsd>
[   50.692999] #9 0xffffffff80a59176 in in6_ifattach <netbsd>
[   50.692999] #10 0xffffffff80a56dd4 in in6_if_up <netbsd>
[   50.692999] #11 0xffffffff80fc5cb8 in if_up_locked <netbsd>
[   50.703622] #12 0xffffffff80fcc4c1 in ifioctl_common <netbsd>
[   50.703622] #13 0xffffffff80fde694 in gif_ioctl <netbsd>
[   50.703622] #14 0xffffffff80fcdb1f in doifioctl <netbsd>

diffstat:

 sys/net/rtsock.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (32 lines):

diff -r c86a052fc52b -r 88fb8dae5606 sys/net/rtsock.c
--- a/sys/net/rtsock.c  Fri Aug 31 14:16:06 2018 +0000
+++ b/sys/net/rtsock.c  Fri Aug 31 15:15:23 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: rtsock.c,v 1.241 2018/04/25 03:49:57 ozaki-r Exp $     */
+/*     $NetBSD: rtsock.c,v 1.242 2018/08/31 15:15:23 maxv Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.241 2018/04/25 03:49:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rtsock.c,v 1.242 2018/08/31 15:15:23 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1221,11 +1221,11 @@
                m_copyback(m, len, sa->sa_len, sa);
                if (dlen != sa->sa_len) {
                        /*
-                        * Up to 6 + 1 nul's since roundup is to
+                        * Up to 7 + 1 nul's since roundup is to
                         * sizeof(uint64_t) (8 bytes)
                         */
                        m_copyback(m, len + sa->sa_len,
-                           dlen - sa->sa_len, "\0\0\0\0\0\0");
+                           dlen - sa->sa_len, "\0\0\0\0\0\0\0");
                }
                len += dlen;
        }



Home | Main Index | Thread Index | Old Index