From patchwork Tue May 26 23:18:47 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli <a@unstable.cc>
X-Patchwork-Id: 4975
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:4ec9:b0:861:c897:cb9d with SMTP id i9csp36333mas;
        Tue, 26 May 2026 16:19:36 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AFNElJ8EwEzrOpuAaUjBNFNGfj1LkA0tPPL7q/lTQBMne1RnH7n79P8mh9v6+3Nv6NFP0ZgYekkcb90jehE=@openvpn.net
X-Received: by 2002:a05:6820:e0e7:b0:69d:8c8d:d675 with SMTP id
 006d021491bc7-69d8c8ddb88mr6144685eaf.22.1779837576001;
        Tue, 26 May 2026 16:19:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1779837575; cv=none;
        d=google.com; s=arc-20240605;
        b=hu630lgnMPeOLrRIcYiiNOE+GSD8AWZ2FmM6+JPwHBy5M2HJv+xwu476AoE/P5VA7z
         ZsF/jKKRNeNY0VGXkq6UQY0xawSYbJeivoseGFy6IpHptvyHfU6uFhUqUZM/Jw92FIMW
         OW7feZttI1e3jX+4M8I/OcE4f9Dg5GGtm6Uk/TIhte74bcVU7cFCPYvU5Lt5SI04c6bN
         mzHo5j0cMJXy0GkOFvx7YZfd9pRJkAbSs2QY1vPn3+Ib2PhukCppmh0DxDyePU6tnGDD
         VZED97ruGdGnD4OZKWKYC6oE/iyUqFwhzscwdhZxAyqoNkn16qDP8pt9Eq3vqREPhbKN
         PkoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature:dkim-signature;
        bh=+xPlPBmiEsXVUj9f+cMXoS6tjKKtSJTjscaY+BsBkNg=;
        fh=BsMg/B0Yb/hS/rzP5Npz4luh0IleZm8REk1XWiWRt2A=;
        b=bNxchI1phNEk1vsXjof0iJlk9K18vm9nVxB9L45ldgY+g4O0Q74GYCx+nnMmGoQzkJ
         1ofvRa4gzHxMnwlI0ko/OZO5w69ajl8MvY9lwIcwWg7goprVxROHKi30mTMakbuTuqgH
         XwlB9qdceGeeb9OLV7egOgFXpgVo7WRI4IMsjYmLqul7kOuFCwsnnGyhu2EsxtbHBaZR
         Uh8mX9qiqT1jFkpLvdIXUwtyugfXyg3YFJ/WVc0x+h/GAw88IhRSGVsbuvc2M2pc2plA
         g06RG06Pe8fb44WsjOxS6CXm58FATLJ+qkCpsw0NRiUn01w3fNSl0zO6x91b7Coi6b6t
         J3Ew==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=CbYUblD3;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=kKYzuHgU;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=Mxa0pIpL;
       dkim=neutral (body hash did not verify) header.i=@unstable.cc
 header.s=MBO0001 header.b=mXi2eBOT;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 006d021491bc7-69d8c7f70d6si7642221eaf.4.2026.05.26.16.19.35
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 26 May 2026 16:19:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=CbYUblD3;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=kKYzuHgU;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=Mxa0pIpL;
       dkim=neutral (body hash did not verify) header.i=@unstable.cc
 header.s=MBO0001 header.b=mXi2eBOT;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender
	:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=+xPlPBmiEsXVUj9f+cMXoS6tjKKtSJTjscaY+BsBkNg=; b=CbYUblD3uiQ0jUGKren5ckszZk
	NhkQNFZxqRXeLPKfwueeXaViCrm/xwOgm1QrZySadbFUyy1utbikCKcM0L+otJ3mUxO/CPmFh+UHo
	MxURn6rekWnFMK+If17OvMIAaSKwk9i/je+HCXx8aGkuk/IXlGI5WQ9hb3vss3SOMZQs=;
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
	by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1wS13b-0004Yg-QV;
	Tue, 26 May 2026 23:19:32 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <a@unstable.cc>) id 1wS13W-0004Y8-To
 for openvpn-devel@lists.sourceforge.net;
 Tue, 26 May 2026 23:19:28 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=Jfvmtc2kSSlcJjFihG7ze0JY2JBgrOhNx9LP9OMiTO4=; b=kKYzuHgUhDQ+hEe49WtCAm6O4U
 IVBEq1dC480Ug77fRmflz7Tp2g11kSR3NyiuDERJ3LWlDImM5TFYfEq6naltkOhuuitVgBspDekMu
 qZRVZ352aexk3YfwQs6o6PA3Paq4CH/+RPQNzDehby+zjead3vKETwsqzvhTtxOmCclI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=Jfvmtc2kSSlcJjFihG7ze0JY2JBgrOhNx9LP9OMiTO4=; b=Mxa0pIpL1FlnNDiyzgqB/ml+dT
 F+nTWRq6P5KJsocLhWokqAfg0YL6rrYEwffm2dmLH0vuStintYr8QTW+emilGHZx0KBrusKw+HM6A
 kOVGuxMu6t7im11tAJJdTs8RW7i8X7sEDJEG2E6kc5MRJhhmxkfH6qE5zNUwgItz+VvU=;
Received: from mout-p-103.mailbox.org ([80.241.56.161])
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1wS13H-0000To-Jr for openvpn-devel@lists.sourceforge.net;
 Tue, 26 May 2026 23:19:12 +0000
Received: from smtp102.mailbox.org (smtp102.mailbox.org
 [IPv6:2001:67c:2050:b231:465::102])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4gQ7wz2qmRz9tqn;
 Wed, 27 May 2026 01:18:59 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unstable.cc;
 s=MBO0001;
 t=1779837539;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=Jfvmtc2kSSlcJjFihG7ze0JY2JBgrOhNx9LP9OMiTO4=;
 b=mXi2eBOTQGIOzimNYDJkzcRwq7MO+ZQ5PfAVBZtuzH1qNif7iZk7IGdEh9x5Cht4/VZ3SL
 OZUHuFub8eFUWh8ZNEMPkBewbZXkUrHC2n7YkP9WdudJ8YQ8+ZlyVUd0/cYX+nGwb+ZKNx
 RAb59MNAwJFj8CYM/hxfhe2HWQchwV1buTfBXF5GqjxKqGix1WpZ+aBlFoxzbH7lZ6hxpb
 vXFl1d75WtQ9asRQKNsI6vWC+kQZe6yb84mIPuLC4cehbjLpfHHeE1rnelEwieAu9fhp5f
 l4RbXkwmAF5Qy7IFHNEkkK5tc00Dd4+sLwQES40hVQ3Nm3Hejh0JkPdJJO6JLQ==
Authentication-Results: outgoing_mbo_mout; dkim=none;
 spf=pass (outgoing_mbo_mout: domain of a@unstable.cc designates
 2001:67c:2050:b231:465::102 as permitted sender) smtp.mailfrom=a@unstable.cc
From: Antonio Quartulli <a@unstable.cc>
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 May 2026 01:18:47 +0200
Message-ID: <20260526231850.2511369-6-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
MIME-Version: 1.0
X-Rspamd-Queue-Id: 4gQ7wz2qmRz9tqn
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-1.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Antonio Quartulli <antonio@openvpn.net>
 ovpn_peer_endpoints_update()
 builds the new remote endpoint in an on-stack struct sockaddr_storage that
 is left uninitialized. For IPv4 only sin_family/sin_addr/sin_port are
 written,
 leaving the 8-byt [...]
 Content analysis details:   (-0.2 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
 domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
X-Headers-End: 1wS13H-0000To-Jr
Subject: [Openvpn-devel] [PATCH ovpn net 6/9] ovpn: zero-initialize sockaddr
 before learning a floated endpoint
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Antonio Quartulli <antonio@openvpn.net>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: 1866294966021226209
X-GMAIL-MSGID: 1866294966021226209

From: Antonio Quartulli <antonio@openvpn.net>

ovpn_peer_endpoints_update() builds the new remote endpoint in an
on-stack struct sockaddr_storage that is left uninitialized. For IPv4
only sin_family/sin_addr/sin_port are written, leaving the 8-byte
sin_zero padding as stack garbage (for IPv6, sin6_flowinfo is left
uninitialized likewise).

ovpn_peer_reset_sockaddr() -> ovpn_bind_from_sockaddr() then memcpy()s
sizeof(struct sockaddr_in)/sizeof(struct sockaddr_in6) bytes - padding
included - into bind->remote. That buffer is later hashed with jhash()
over the same length to place the peer in the by_transp_addr table, so
the garbage padding lands the floated peer in an essentially random
bucket. Lockless lookups in ovpn_peer_get_by_transp_addr() build their
key from a zero-initialized sockaddr_storage, compute a different bucket
and fail to find the peer.

This is also a plain use of uninitialized stack memory in jhash().

Zero-initialize the sockaddr_storage, matching what the lookup and
netlink paths already do.

Fixes: f0281c1d3732 ("ovpn: add support for updating local or remote UDP endpoint")
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 drivers/net/ovpn/peer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index bbb1946fa5b4..1d878c3e1514 100644
--- a/drivers/net/ovpn/peer.c
+++ b/drivers/net/ovpn/peer.c
@@ -220,7 +220,7 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer,
  */
 void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb)
 {
-	struct sockaddr_storage ss;
+	struct sockaddr_storage ss = {};
 	struct sockaddr_in6 *sa6;
 	bool reset_cache = false;
 	struct sockaddr_in *sa;