Date: Thu, 11 Jan 2024 04:52:14 GMT
Message-Id: <202401110452.40B4qEaU041682@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gleb Smirnoff Subject: git: d9b1f6fbf993 - main - netlink: fix bug with socket buffer character counter underflow List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d9b1f6fbf9935a9d54c78987a04af7cda3740c56 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=d9b1f6fbf9935a9d54c78987a04af7cda3740c56 commit d9b1f6fbf9935a9d54c78987a04af7cda3740c56 Author: Gleb Smirnoff AuthorDate: 2024-01-11 04:51:53 +0000 Commit: Gleb Smirnoff CommitDate: 2024-01-11 04:51:53 +0000 netlink: fix bug with socket buffer character counter underflow Cover case when an nb that we are now reading in full had been partially read by previous read(2) and now has positive offset. Throw couple assertions that helped to catch that earlier. --- sys/netlink/netlink_domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/netlink/netlink_domain.c b/sys/netlink/netlink_domain.c index 7ecafbf99d26..777aff43000a 100644 --- a/sys/netlink/netlink_domain.c +++ b/sys/netlink/netlink_domain.c @@ -744,6 +744,7 @@ nl_soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio, offset = nb->offset; while (offset < nb->datalen) { hdr = (struct nlmsghdr *)&nb->data[offset]; + MPASS(nb->offset + hdr->nlmsg_len <= nb->datalen); if (uio->uio_resid < len + hdr->nlmsg_len) { overflow = len + hdr->nlmsg_len - uio->uio_resid; 
@@ -784,7 +785,7 @@ nl_soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio, msgrcv++; } MPASS(offset == nb->datalen); - datalen += nb->datalen; + datalen += nb->datalen - nb->offset; } nospace: last = nb; @@ -796,6 +797,7 @@ nospace: TAILQ_FIRST(&sb->nl_queue) = last; last->tailq.tqe_prev = &TAILQ_FIRST(&sb->nl_queue); } + MPASS(sb->sb_acc >= datalen); sb->sb_acc -= datalen; sb->sb_ccc -= datalen; }
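Review bot: In the first hunk (@@ -744,6 +744,7), the new assertion bounds the message with nb->offset, although hdr was just read from &nb->data[offset], the loop-local cursor. If offset advances past nb->offset on later iterations, as the loop condition and the later MPASS(offset == nb->datalen) suggest, the check is weaker than intended for every message after the first in the buffer: a header whose nlmsg_len runs past nb->datalen could still pass. Suggest MPASS(offset + hdr->nlmsg_len <= nb->datalen) so the assertion covers the header actually being parsed.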
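Review bot: In the second hunk (@@ -784,7 +785,7), the corrected line datalen += nb->datalen - nb->offset carries no comment saying why the offset is subtracted; the reason (an nb partially consumed by a previous read(2)) lives only in the commit message. A one-line comment above the line would keep a later edit from reverting it to nb->datalen. The subtraction is also only correct if nb->offset still holds the value it had at the offset = nb->offset assignment when this line runs, which is worth stating in that comment or asserting.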
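Review bot: In the third hunk (@@ -796,6 +797,7), only sb->sb_acc is asserted, while sb->sb_ccc is decremented by the same datalen on the next line and the commit subject names the character counter as the one that underflowed. Suggest adding MPASS(sb->sb_ccc >= datalen) next to the new assertion. Since MPASS is compiled in only on INVARIANTS kernels, production builds still wrap silently if another path mis-accounts datalen, so consider whether a check that survives in non-debug builds is warranted here.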