From patchwork Wed Jan 27 13:52:02 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 101075 Delivered-To: patch@linaro.org Received: by 10.112.130.2 with SMTP id oa2csp2594640lbb; Wed, 27 Jan 2016 05:53:53 -0800 (PST) X-Received: by 10.98.42.213 with SMTP id q204mr42557277pfq.141.1453902833415; Wed, 27 Jan 2016 05:53:53 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p89si9697310pfi.111.2016.01.27.05.53.53; Wed, 27 Jan 2016 05:53:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932579AbcA0Nxv (ORCPT + 30 others); Wed, 27 Jan 2016 08:53:51 -0500 Received: from mout.kundenserver.de ([217.72.192.75]:59609 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932182AbcA0Nxr (ORCPT ); Wed, 27 Jan 2016 08:53:47 -0500 Received: from wuerfel.lan. ([78.42.132.4]) by mrelayeu.kundenserver.de (mreue101) with ESMTPA (Nemesis) id 0LshA1-1ZvvD82f9d-012EyJ; Wed, 27 Jan 2016 14:52:51 +0100 From: Arnd Bergmann To: Wensong Zhang , Simon Horman , Julian Anastasov Cc: linux-arm-kernel@lists.infradead.org, Arnd Bergmann , Pablo Neira Ayuso , Patrick McHardy , Jozsef Kadlecsik , "David S. Miller" , netdev@vger.kernel.org, lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/2] netfilter: ipvs/SIP: handle ip_vs_fill_iph_skb_off failure Date: Wed, 27 Jan 2016 14:52:02 +0100 Message-Id: <1453902749-3422685-2-git-send-email-arnd@arndb.de> X-Mailer: git-send-email 2.7.0 In-Reply-To: <1453902749-3422685-1-git-send-email-arnd@arndb.de> References: <1453902749-3422685-1-git-send-email-arnd@arndb.de> X-Provags-ID: V03:K0:DvG/5XxoZxH5TVCnmIC0HhcesE+osQd3L0FOjrUZGG4b25b3MHQ F/hKSr23KPfXAYKbtwLNMbQyd18vzznm4Tbd6WkGMajptjXEsx52tP1m4mTXeAZsCbEds5R tA4C7HdVP7PBFiaOy0T+VVyepTqkGBfhNQ2g9g6T+4ozStNeKA7cClCCOz8V1woq+drZcH9 0lXqfXsFUxjvx2WLJD9DA== X-UI-Out-Filterresults: notjunk:1; V01:K0:Jed+CB1rhwY=:Rerx27IejDYjvcFXs0n4gg of9kdXQslJKxcoOQtFbNFk4EosBpY2mamCyq51fadAQuedDzDFO0JOtQRwQz2O3kmY/EVzU8p 1wUmUWwLjrMmWptiu+unA8dHhNyVsRVygH806h9LWfaNZ/vuYpiGeWQVdiXtxKk2+B87Xxd17 ibZWQzOBd7i46UmpxUdIGe87yIkDpCA6rd8q5tEAye/WBjusuPeFNlBW81uHD9M7MWmM9dzY1 I56Qc0KEwx/AOMS7bFgzKtIAPhoApFQQTU3zCEHrxcI2bVYMFvkBWVZjOZfkRPA/7eb77QTFz 0hh9zoLeccRGG8lqP2SWSdERuLXk/YVRgUij0GgDf2DmE7s1fYlrCZEDPAaVsXJ1O6b2OSoME oiXoqWMN+V/r2jlbyCbZXqlEJ/9dtrZSegqF5Abi8bOVQBXxwWc2jqGCKOLItIxsyWupE1JFt JYOzUQlrYQDYm4JAGeAnU7qOKfDj/wJFnIhGsUYQLgksJqsB/DS4Q0aisE9amUAb3avVAu/Nf jZ2aQvytNHCNNaLf1Ic+gspfbbEuSPHnSFPSNJNHeZ9STYPYPWWVO+tu0gWt6GdNYFAjX7TH/ Vm+JisnoeWmd2sjka7/NlY9/PCa3wK07zswetvlGn7+FtdYhxVjcVZHDH+M4AG9qkYdPTekFU bJqS35g7cN8T1EakbTcZe3+ABmpH1DWXUiVVfqh7KfVVmziYTnK+TbtZw/OriBKOg/OI= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ip_vs_fill_iph_skb_off() may not find an IP header, and gcc has determined that ip_vs_sip_fill_param() then incorrectly accesses the protocol fields: net/netfilter/ipvs/ip_vs_pe_sip.c: In function 'ip_vs_sip_fill_param': net/netfilter/ipvs/ip_vs_pe_sip.c:76:5: error: 'iph.protocol' may be used uninitialized in this function [-Werror=maybe-uninitialized] if (iph.protocol != IPPROTO_UDP) ^ net/netfilter/ipvs/ip_vs_pe_sip.c:81:10: error: 'iph.len' may be used uninitialized in this function [-Werror=maybe-uninitialized] dataoff = iph.len + sizeof(struct udphdr); ^ This adds a check for the ip_vs_fill_iph_skb_off() return code before looking at the ip header data returned from it. Signed-off-by: Arnd Bergmann Fixes: b0e010c527de ("ipvs: replace ip_vs_fill_ip4hdr with ip_vs_fill_iph_skb_off") --- net/netfilter/ipvs/ip_vs_pe_sip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.7.0 diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c index 1b8d594e493a..c4e9ca016a88 100644 --- a/net/netfilter/ipvs/ip_vs_pe_sip.c +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c @@ -70,10 +70,10 @@ ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb) const char *dptr; int retc; - ip_vs_fill_iph_skb(p->af, skb, false, &iph); + retc = ip_vs_fill_iph_skb(p->af, skb, false, &iph); /* Only useful with UDP */ - if (iph.protocol != IPPROTO_UDP) + if (!retc || iph.protocol != IPPROTO_UDP) return -EINVAL; /* todo: IPv6 fragments: * I think this only should be done for the first fragment. /HS