[PATCH openEuler-1.0-LTS] tipc: Return non-zero value from tipc_udp_addr2str() on error

From: Shigeru Yoshida <syoshida@redhat.com> stable inclusion from stable-v4.19.320 commit 7ec3335dd89c8d169e9650e4bac64fde71fdf15b category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ1T CVE: CVE-2024-42284 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... ------------------------------------------------- [ Upstream commit fa96c6baef1b5385e2f0c0677b32b3839e716076 ] tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. Fixes: d0f91938bede ("tipc: add ip/udp media type") Signed-off-by: Shigeru Yoshida <syoshida@redhat.com> Reviewed-by: Tung Nguyen <tung.q.nguyen@endava.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Liu Jian <liujian56@huawei.com> --- net/tipc/udp_media.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index efe822d3bb28..c01dcf9746be 100644 --- a/net/tipc/udp_media.c +++ b/net/tipc/udp_media.c @@ -127,8 +127,11 @@ static int tipc_udp_addr2str(struct tipc_media_addr *a, char *buf, int size) snprintf(buf, size, "%pI4:%u", &ua->ipv4, ntohs(ua->port)); else if (ntohs(ua->proto) == ETH_P_IPV6) snprintf(buf, size, "%pI6:%u", &ua->ipv6, ntohs(ua->port)); - else + else { pr_err("Invalid UDP media address\n"); + return 1; + } + return 0; } -- 2.34.1