Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net: mctp: ensure our nlmsg responses are initialised

Syed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from
DEVCORE Research Team working with Trend Micro Zero Day Initiative
report that a RTM_GETNEIGH will return uninitialised data in the pad
bytes of the ndmsg data.

Ensure we're initialising the netlink data to zero, in the link, addr
and neigh response messages.

Fixes: 831119f88781 ("mctp: Add neighbour netlink interface")
Fixes: 06d2f4c583a7 ("mctp: Add netlink route management")
Fixes: 583be982d934 ("mctp: Add device handling and netlink interface")
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20260209-dev-mctp-nlmsg-v1-1-f1e30c346a43@codeconstruct.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Authored by Jeremy Kerr and committed by Jakub Kicinski
a6a9bc54 7c375811

+3
+1
net/mctp/device.c
··· 70 70 return -EMSGSIZE; 71 71 72 72 hdr = nlmsg_data(nlh); 73 + memset(hdr, 0, sizeof(*hdr)); 73 74 hdr->ifa_family = AF_MCTP; 74 75 hdr->ifa_prefixlen = 0; 75 76 hdr->ifa_flags = 0;
+1
net/mctp/neigh.c
··· 218 218 return -EMSGSIZE; 219 219 220 220 hdr = nlmsg_data(nlh); 221 + memset(hdr, 0, sizeof(*hdr)); 221 222 hdr->ndm_family = AF_MCTP; 222 223 hdr->ndm_ifindex = dev->ifindex; 223 224 hdr->ndm_state = 0; // TODO other state bits?
+1
net/mctp/route.c
··· 1643 1643 return -EMSGSIZE; 1644 1644 1645 1645 hdr = nlmsg_data(nlh); 1646 + memset(hdr, 0, sizeof(*hdr)); 1646 1647 hdr->rtm_family = AF_MCTP; 1647 1648 1648 1649 /* we use the _len fields as a number of EIDs, rather than
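Review bot: In net/mctp/device.c the explicit `hdr->ifa_prefixlen = 0;` and `hdr->ifa_flags = 0;` stores that follow the new `memset(hdr, 0, sizeof(*hdr));` are now redundant. Either drop them so the memset is the single source of zeroing, or keep them deliberately as field documentation and say so, so a later cleanup does not remove the memset instead of the assignments.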
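Review bot: The memset in net/mctp/neigh.c has no comment saying why it is there, and it sits directly above per-field assignments (`hdr->ndm_state = 0; // TODO other state bits?`) that make it look redundant. The commit message says the leaked bytes were the pad bytes of the ndmsg, which the field assignments never touch. A one-line comment such as "zero the header including pad bytes, it is copied to userspace" at this call would keep the reason next to the code.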
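Review bot: The commit message lists "link, addr and neigh response messages", but the hunk in net/mctp/route.c zeroes a header whose fields are `rtm_*` (`hdr->rtm_family = AF_MCTP;`), which is the route response, and no hunk here touches a link message header. Please align the description with the three headers actually changed (`ifa_*`, `ndm_*`, `rtm_*`). Since the same `nlmsg_data()` plus `memset(hdr, 0, sizeof(*hdr))` pair now appears in three fill paths, a small shared helper would also make it harder for a future response type to miss the zeroing.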