From nobody Wed Feb 1 17:31:57 2023
Date: Wed, 1 Feb 2023 17:31:57 GMT
Message-Id: <202302011731.311HVvmj057078@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 584ca49a07f4 - stable/13 - ipsec: Clear pad bytes in PF_KEY messages
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 584ca49a07f42c0b6d43687ae1763fd800089484
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=584ca49a07f42c0b6d43687ae1763fd800089484

commit 584ca49a07f42c0b6d43687ae1763fd800089484
Author:     Mark Johnston
AuthorDate: 2023-01-16 15:46:20 +0000
Commit:     Mark Johnston
CommitDate: 2023-02-01 17:22:31 +0000

    ipsec: Clear pad bytes in PF_KEY messages

    Various handlers for SADB messages will allocate a new mbuf and populate
    some structures in it.  Some of these structures, such as struct
    sadb_supported, contain small reserved fields that are not initialized
    and are thus leaked to userspace.

    Fix the problem by adding a helper to allocate zeroed mbufs.  This
    reduces code duplication and the overhead of zeroing these messages
    isn't harmful.

    Reviewed by:	zlei, melifaro
    Reported by:	KMSAN
    Sponsored by:	The FreeBSD Foundation
    MFC after:	2 weeks
    Differential Revision:	https://reviews.freebsd.org/D38068

    (cherry picked from commit 8a9495517b0ad54da9759a7ba2cc0b56f8e7c8f9)
---
 sys/netipsec/key.c | 69 +++++++++++++++++++++++------------------------------
 1 file changed, 29 insertions(+), 40 deletions(-)

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 869d6b850aa0..efda68f09078 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c
@@ -804,6 +804,25 @@ key_havesp(u_int dir) TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); } +/* + * Allocate a single mbuf with a buffer of the desired length. The buffer is + * pre-zeroed to help ensure that uninitialized pad bytes are not leaked. + */ +static struct mbuf * +key_mget(u_int len) +{ + struct mbuf *m; + + KASSERT(len <= MCLBYTES, + ("%s: invalid buffer length %u", __func__, len)); + + m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR); + if (m == NULL) + return (NULL); + memset(mtod(m, void *), 0, len); + return (m); +} + /* %%% IPsec policy management */ /* * Return current SPDB generation. @@ -2315,14 +2334,8 @@ key_spddelete2(struct socket *so, struct mbuf *m, /* create new sadb_msg to reply. */ len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); - MGETHDR(n, M_NOWAIT, MT_DATA); - if (n && len > MHLEN) { - if (!(MCLGET(n, M_NOWAIT))) { - m_freem(n); - n = NULL; - } - } - if (!n) + n = key_mget(len); + if (n == NULL) return key_senderror(so, m, ENOBUFS); n->m_len = len; @@ -3753,14 +3766,8 @@ key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); if (len > MCLBYTES) return NULL; - MGETHDR(m, M_NOWAIT, MT_DATA); - if (m && len > MHLEN) { - if (!(MCLGET(m, M_NOWAIT))) { - m_freem(m); - m = NULL; - } - } - if (!m) + m = key_mget(len); + if (m == NULL) return NULL; m->m_pkthdr.len = m->m_len = len; m->m_next = NULL; @@ -4937,14 +4944,8 @@ key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + PFKEY_ALIGN8(sizeof(struct sadb_sa)); - MGETHDR(n, M_NOWAIT, MT_DATA); - if (len > MHLEN) { - if (!(MCLGET(n, M_NOWAIT))) { - m_freem(n); - n = NULL; - } - } - if (!n) { + n = key_mget(len); + if (n == NULL) { error = ENOBUFS; goto fail; } 
@@ -7148,14 +7149,8 @@ key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) if (len > MCLBYTES) return key_senderror(so, m, ENOBUFS); - MGETHDR(n, M_NOWAIT, MT_DATA); - if (n != NULL && len > MHLEN) { - if (!(MCLGET(n, M_NOWAIT))) { - m_freem(n); - n = NULL; - } - } - if (!n) + n = key_mget(len); + if (n == NULL) return key_senderror(so, m, ENOBUFS); n->m_pkthdr.len = n->m_len = len; @@ -7786,14 +7781,8 @@ key_parse(struct mbuf *m, struct socket *so) if (m->m_next) { struct mbuf *n; - MGETHDR(n, M_NOWAIT, MT_DATA); - if (n && m->m_pkthdr.len > MHLEN) { - if (!(MCLGET(n, M_NOWAIT))) { - m_free(n); - n = NULL; - } - } - if (!n) { + n = key_mget(m->m_pkthdr.len); + if (n == NULL) { m_freem(m); return ENOBUFS; }
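Review bot: In key_mget(), the len <= MCLBYTES bound is enforced only by KASSERT, which is compiled out of kernels built without INVARIANTS, so on production kernels the helper depends on every caller having bounded the length itself. Of the call sites in this diff only key_setsadbmsg() and key_register() show an explicit "if (len > MCLBYTES)" test in their context lines. Consider returning NULL at run time when len exceeds MCLBYTES, or stating the caller's obligation in the helper's comment. The comment could also say that m_len and m_pkthdr.len are left for the caller to set, as the call sites do.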
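Review bot: In the key_getspi() hunk, the removed code called MCLGET(n, M_NOWAIT) under "if (len > MHLEN)" without first testing n for NULL, whereas the other removed blocks tested "n && len > MHLEN" (or "n != NULL && ..."). The replacement closes that path as a side effect, but the commit message mentions only pad bytes and code duplication; a sentence noting the change would help anyone auditing the MFC.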
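Review bot: In the key_parse() hunk, key_mget(m->m_pkthdr.len) takes its length directly from the incoming mbuf chain, and no comparison against MCLBYTES is visible in the context lines. Please confirm that an earlier check guarantees m->m_pkthdr.len <= MCLBYTES at this point; otherwise an oversized message trips the KASSERT in key_mget() on INVARIANTS kernels and goes unchecked on others. An explicit test before the call, like the one key_register() has, would make the bound local to this site.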
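The leak described in the commit message, modelled in userspace as an added example (not FreeBSD code and not part of the commit): a reply buffer is populated field by field, and the reserved field keeps whatever the allocator left behind unless the buffer was zeroed first. The struct layout and SADB_EXT_SUPPORTED_AUTH value follow RFC 2367; buf_get(), fill_supported(), leaked_bytes() and the STALE marker are hypothetical names constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layout of struct sadb_supported as given in RFC 2367 (PF_KEY v2). */
struct sadb_supported {
	uint16_t sadb_supported_len;      /* length in 64-bit words */
	uint16_t sadb_supported_exttype;
	uint32_t sadb_supported_reserved; /* never written by the filler below */
};
#define SADB_EXT_SUPPORTED_AUTH 14  /* RFC 2367 value */
#define STALE 0xA5  /* constructed marker for leftover allocator contents */

/* Hypothetical allocator: zero != 0 models key_mget(), zero == 0 the old path. */
static unsigned char *buf_get(size_t len, int zero)
{
	unsigned char *p = malloc(len);
	if (p != NULL)
		memset(p, zero ? 0 : STALE, len);
	return p;
}

/* Populate only the named fields, as the handlers in the commit message did. */
static void fill_supported(unsigned char *buf, size_t len)
{
	struct sadb_supported *sup = (struct sadb_supported *)buf;
	sup->sadb_supported_len = (uint16_t)(len / 8);
	sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
}

/* Build one reply and count bytes that still carry the stale marker. */
static long leaked_bytes(int zero)
{
	size_t len = sizeof(struct sadb_supported), n = 0;
	unsigned char *buf = buf_get(len, zero);
	if (buf == NULL) return -1;
	fill_supported(buf, len);
	for (size_t i = 0; i < len; i++)
		n += (buf[i] == STALE);
	free(buf);
	return (long)n;
}

int main(void)
{
	printf("non-zeroed: %ld stale bytes, zeroed: %ld\n", leaked_bytes(0), leaked_bytes(1));
	return 0;
}
```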