Differential D47662

rtsock: fix panic in rtsock_msg_buffer()
ClosedPublic
Actions

Authored by glebius on Nov 18 2024, 8:19 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Jan 11, 6:29 PM

	Unknown Object (File)
	Sat, Jan 10, 6:36 PM

	Unknown Object (File)
	Sat, Jan 10, 3:25 PM

	Unknown Object (File)
	Sat, Jan 10, 5:46 AM

	Unknown Object (File)
	Sat, Jan 10, 5:15 AM

	Unknown Object (File)
	Sat, Jan 10, 4:30 AM

	Unknown Object (File)
	Fri, Jan 9, 3:59 PM

	Unknown Object (File)
	Sun, Dec 28, 7:48 PM

View All 68 Files

Subscribers

Details

Reviewers

Group Reviewers

Commits

rGdae64402b3e8: rtsock: fix panic in rtsock_msg_buffer()

Summary

The rtsock_msg_buffer() can be called without walkarg, just to calculate
required length. It can also be called with a degenerate walkarg, that
doesn't have a w_req. The latter happens when the function is called from
update_rtm_from_info() for the second time.

Zero init walkarg in update_rtm_from_info() and don't pass random stack
garbage as w_req.

In rtsock_msg_buffer() initialize compat32 boolean only once and take of
possible empty w_req. Simplify the rest of code once compat32 is already
set.

Reported-by: syzbot+d4a2682059e23179e76e@syzkaller.appspotmail.com
Reported-by: syzbot+66d7c9b3062e27a56f3f@syzkaller.appspotmail.com

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

glebius created this revision.Nov 18 2024, 8:19 PM

Herald added subscribers: ae, imp. · View Herald TranscriptNov 18 2024, 8:19 PM

glebius requested review of this revision.Nov 18 2024, 8:19 PM

Harbormaster completed remote builds in B60667: Diff 146650.Nov 18 2024, 8:19 PM

melifaro accepted this revision.Nov 18 2024, 8:20 PM

melifaro removed reviewers: network, melifaro.

This revision is now accepted and ready to land.Nov 18 2024, 8:20 PM

Closed by commit rGdae64402b3e8: rtsock: fix panic in rtsock_msg_buffer() (authored by glebius). · Explain WhyNov 18 2024, 10:13 PM

This revision was automatically updated to reflect the committed changes.

glebius added a commit: rGdae64402b3e8: rtsock: fix panic in rtsock_msg_buffer().

Revision Contents
Changeset List

Path

Size

sys/

net/

35 lines

Diff 146658

sys/net/rtsock.c

Loading...