raw: fix reading of uninitialized memory on recv
When less bytes than the header size is read, do not indicate to the caller that the read was successful, as the caller would read uninitialized memory. To achieve that, subtract the header size unconditionally (unless an error was returned by sk_receive). In addition, do not check for Ethernet type when full Ethernet header was not read. This again may lead to reading of uninitialized memory. Signed-off-by: Jiri Benc <jbenc@redhat.com>master
parent
ea7a7882e5
commit
8bbebdd381
8
raw.c
8
raw.c
|
@ -244,6 +244,11 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,
|
|||
|
||||
cnt = sk_receive(fd, ptr, buflen, hwts, 0);
|
||||
|
||||
if (cnt >= 0)
|
||||
cnt -= hlen;
|
||||
if (cnt < 0)
|
||||
return cnt;
|
||||
|
||||
if (raw->vlan) {
|
||||
if (ETH_P_1588 == ntohs(hdr->type)) {
|
||||
pr_notice("raw: disabling VLAN mode");
|
||||
|
@ -255,9 +260,6 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,
|
|||
raw->vlan = 1;
|
||||
}
|
||||
}
|
||||
if (cnt >= hlen) {
|
||||
cnt -= hlen;
|
||||
}
|
||||
return cnt;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue