Re: [PATCH v3] AF_ALG: Initialize sg_num_bytes in error code path

From: Dmitry Vyukov
Date: Fri Jul 06 2018 - 03:58:37 EST


On Fri, Jul 6, 2018 at 9:50 AM, Stephan Müller <smueller@xxxxxxxxxx> wrote:
> Changes v3:
> * Fix syz testing line

Just in case, the syz test does not have to be in the patch. Just an
email to the syzbot address will do.


> Changes v2:
> * Addition of syz testing line
>
> ---8<---
>
> The RX SGL in processing is already registered with the RX SGL tracking
> list to support proper cleanup. The cleanup code path uses the
> sg_num_bytes variable which must therefore be always initialized, even
> in the error code path.
>
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
> Reported-by: syzbot+9c251bdd09f83b92ba95@xxxxxxxxxxxxxxxxxxxxxxxxx
> #syz test: https://github.com/google/kmsan.git master
> ---
> crypto/af_alg.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/af_alg.c b/crypto/af_alg.c
> index 49fa8582138b..bd6795ff406a 100644
> --- a/crypto/af_alg.c
> +++ b/crypto/af_alg.c
> @@ -1148,8 +1148,10 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
>
> /* make one iovec available as scatterlist */
> err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen);
> - if (err < 0)
> + if (err < 0) {
> + rsgl->sg_num_bytes = 0;
> return err;
> + }
>
> /* chain the new scatterlist with previous one */
> if (areq->last_rsgl)
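
Review bot: zeroing rsgl->sg_num_bytes only inside the `if (err < 0)` branch covers this one return, but the commit message says rsgl is already on the RX SGL tracking list at this point, so a later-added early return would leave the same uninitialized read in the cleanup path. Consider assigning `rsgl->sg_num_bytes = 0;` before the af_alg_make_sg() call so the field is defined for as long as rsgl is on the list. A short comment noting that the cleanup code reads sg_num_bytes would also help, since nothing in the hunk says why the zeroing is needed.
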
> --
> 2.17.1