raw: fix reading of uninitialized memory on recv

When less bytes than the header size is read, do not indicate to the caller that the read was successful, as the caller would read uninitialized memory. To achieve that, subtract the header size unconditionally (unless an error was returned by sk_receive). In addition, do not check for Ethernet type when full Ethernet header was not read. This again may lead to reading of uninitialized memory. Signed-off-by: Jiri Benc <jbenc@redhat.com>
2014-04-10 11:37:22 +02:00 · 2014-04-10 11:37:22 +02:00 · 8bbebdd381
parent ea7a7882e5
commit 8bbebdd381
1 changed files with 5 additions and 3 deletions
--- a/raw.c
+++ b/raw.c
@ -244,6 +244,11 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,

 	cnt = sk_receive(fd, ptr, buflen, hwts, 0);

+	if (cnt >= 0)
+		cnt -= hlen;
+	if (cnt < 0)
+		return cnt;
+
 	if (raw->vlan) {
 		if (ETH_P_1588 == ntohs(hdr->type)) {
 			pr_notice("raw: disabling VLAN mode");
@ -255,9 +260,6 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,
 			raw->vlan = 1;
 		}
 	}
-	if (cnt >= hlen)  {
-		cnt -= hlen;
-	}
 	return cnt;
 }