diff options
| author | Alexander Aring <aring@mojatatu.com> | 2018-04-20 14:54:13 -0400 |
|---|---|---|
| committer | Stefan Schmidt <stefan@osg.samsung.com> | 2018-04-23 14:56:24 -0400 |
| commit | f18fa5de5ba7f1d6650951502bb96a6e4715a948 (patch) | |
| tree | 81aac5b693d835de166b7dfa6b46d13b372313d9 /net | |
| parent | 7e0ffee1b2e7d26cc2147be0d9d5186823e923f3 (diff) | |
net: ieee802154: 6lowpan: fix frag reassembly
This patch initialize stack variables which are used in
frag_lowpan_compare_key to zero. In my case there are padding bytes in the
structures ieee802154_addr as well in frag_lowpan_compare_key. Otherwise
the key variable contains random bytes. The result is that a compare of
two keys by memcmp works incorrect.
Fixes: 648700f76b03 ("inet: frags: use rhashtables for reassembly units")
Signed-off-by: Alexander Aring <aring@mojatatu.com>
Reported-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ieee802154/6lowpan/6lowpan_i.h | 4 | ||||
| -rw-r--r-- | net/ieee802154/6lowpan/reassembly.c | 14 |
2 files changed, 9 insertions, 9 deletions
diff --git a/net/ieee802154/6lowpan/6lowpan_i.h b/net/ieee802154/6lowpan/6lowpan_i.h index b8d95cb71c25..44a7e16bf3b5 100644 --- a/net/ieee802154/6lowpan/6lowpan_i.h +++ b/net/ieee802154/6lowpan/6lowpan_i.h | |||
| @@ -20,8 +20,8 @@ typedef unsigned __bitwise lowpan_rx_result; | |||
| 20 | struct frag_lowpan_compare_key { | 20 | struct frag_lowpan_compare_key { |
| 21 | u16 tag; | 21 | u16 tag; |
| 22 | u16 d_size; | 22 | u16 d_size; |
| 23 | const struct ieee802154_addr src; | 23 | struct ieee802154_addr src; |
| 24 | const struct ieee802154_addr dst; | 24 | struct ieee802154_addr dst; |
| 25 | }; | 25 | }; |
| 26 | 26 | ||
| 27 | /* Equivalent of ipv4 struct ipq | 27 | /* Equivalent of ipv4 struct ipq |
diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c index 1790b65944b3..2cc224106b69 100644 --- a/net/ieee802154/6lowpan/reassembly.c +++ b/net/ieee802154/6lowpan/reassembly.c | |||
| @@ -75,14 +75,14 @@ fq_find(struct net *net, const struct lowpan_802154_cb *cb, | |||
| 75 | { | 75 | { |
| 76 | struct netns_ieee802154_lowpan *ieee802154_lowpan = | 76 | struct netns_ieee802154_lowpan *ieee802154_lowpan = |
| 77 | net_ieee802154_lowpan(net); | 77 | net_ieee802154_lowpan(net); |
| 78 | struct frag_lowpan_compare_key key = { | 78 | struct frag_lowpan_compare_key key = {}; |
| 79 | .tag = cb->d_tag, | ||
| 80 | .d_size = cb->d_size, | ||
| 81 | .src = *src, | ||
| 82 | .dst = *dst, | ||
| 83 | }; | ||
| 84 | struct inet_frag_queue *q; | 79 | struct inet_frag_queue *q; |
| 85 | 80 | ||
| 81 | key.tag = cb->d_tag; | ||
| 82 | key.d_size = cb->d_size; | ||
| 83 | key.src = *src; | ||
| 84 | key.dst = *dst; | ||
| 85 | |||
| 86 | q = inet_frag_find(&ieee802154_lowpan->frags, &key); | 86 | q = inet_frag_find(&ieee802154_lowpan->frags, &key); |
| 87 | if (!q) | 87 | if (!q) |
| 88 | return NULL; | 88 | return NULL; |
| @@ -372,7 +372,7 @@ int lowpan_frag_rcv(struct sk_buff *skb, u8 frag_type) | |||
| 372 | struct lowpan_frag_queue *fq; | 372 | struct lowpan_frag_queue *fq; |
| 373 | struct net *net = dev_net(skb->dev); | 373 | struct net *net = dev_net(skb->dev); |
| 374 | struct lowpan_802154_cb *cb = lowpan_802154_cb(skb); | 374 | struct lowpan_802154_cb *cb = lowpan_802154_cb(skb); |
| 375 | struct ieee802154_hdr hdr; | 375 | struct ieee802154_hdr hdr = {}; |
| 376 | int err; | 376 | int err; |
| 377 | 377 | ||
| 378 | if (ieee802154_hdr_peek_addrs(skb, &hdr) < 0) | 378 | if (ieee802154_hdr_peek_addrs(skb, &hdr) < 0) |