raw: fix reading of uninitialized memory on recv

When fewer bytes than the header size are read, do not indicate to the caller
that the read was successful, as the caller would read uninitialized memory.
To achieve that, subtract the header size unconditionally (unless an error
was returned by sk_receive).

In addition, do not check for Ethernet type when the full Ethernet header was
not read. This again may lead to reading of uninitialized memory.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
master
Jiri Benc 2014-04-10 11:37:22 +02:00 committed by Richard Cochran
parent ea7a7882e5
commit 8bbebdd381
1 changed files with 5 additions and 3 deletions

raw.c

@ -244,6 +244,11 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,
cnt = sk_receive(fd, ptr, buflen, hwts, 0);
if (cnt >= 0)
cnt -= hlen;
if (cnt < 0)
return cnt;
if (raw->vlan) {
if (ETH_P_1588 == ntohs(hdr->type)) {
pr_notice("raw: disabling VLAN mode");
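Review bot: the early `return cnt;` after `cnt -= hlen;` now returns a negative value for two different conditions: an error passed through from sk_receive, and a short read where fewer than hlen bytes arrived. In the short-read case the value is a byte deficit rather than an error code, so a caller that logs or interprets the return value cannot tell the two apart. Consider testing the short read on its own before the subtraction (comparing cnt against hlen) and returning one fixed error value there, or at least adding a comment above `if (cnt < 0)` stating that any negative return means "no usable payload" and that the magnitude carries no meaning.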
@ -255,9 +260,6 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,
raw->vlan = 1;
}
}
if (cnt >= hlen) {
cnt -= hlen;
}
return cnt;
}
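Review bot: with the `if (cnt >= hlen)` block gone, the final `return cnt;` always returns the payload length with the header already excluded, but nothing at that line or in the visible part of raw_recv says so. The removed block was the only hint that the count was being adjusted here, and its silent fall-through for cnt < hlen was the source of the bug. A one-line comment at the return (or in the function's header comment) stating that the result is the number of payload bytes after the Ethernet or VLAN header would keep a later change from reintroducing a second subtraction or a header-inclusive count.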