[Openvpn-devel,ovpn,net,v2,6/9] ovpn: zero-initialize sockaddr before learning a floated endpoint
| Message ID | 20260608133251.3128542-6-a@unstable.cc |
|---|---|
| State | New |
| Headers |
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:bc1d:b0:861:c897:cb9d with SMTP id
jc29csp1885287mab;
Mon, 8 Jun 2026 06:33:18 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
AFNElJ/GwQ3KYg/4WugDTyU1RVGoCCX+MPlw1DLrOT+yIqRRWyxidjV76rhp3jE+qLnq72knJEAuP/vgx+0=@openvpn.net
X-Received: by 2002:a05:6870:f61c:b0:43e:5d18:e7e7 with SMTP id
586e51a60fabf-4413d854f5emr8314706fac.25.1780925597895;
Mon, 08 Jun 2026 06:33:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1780925597; cv=none;
d=google.com; s=arc-20240605;
b=h2DYODh5fRMTTPjnBrbdo/WdYq6eeTvOawOmttJz71fotGbQgudoBwgMhPLsgN7Dj3
G7mzCOtzCNwoEmN4El9erH5RdS55XU3zW4ei4e2ccK9IAnhRYIgrjgiIzFOUy3MMmkX/
pIPOE7AzcyjyUgCcUFrs/guvApyLGR8E98FrcXkLYhqaTjHUM+7Z2UsK6iap3opRWCy6
fQskVuWEOF4wOAc3t6MqTO+LEBRLFCWuyYNCqUg5/29Iifgm5lz3oHdXOnUAbjXPBtOE
pW51HNoMAXdmAP4BDH5gqs00uuthA2WIdB0b/C9p76PGIWrssehq1Jv2RxhbleUUtdf5
uyNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature:dkim-signature:dkim-signature;
bh=sihv14qL/NYG8Vm1v41cAf20MnZRabmtEcW0zJqw81A=;
fh=BsMg/B0Yb/hS/rzP5Npz4luh0IleZm8REk1XWiWRt2A=;
b=ScwjrvpXQa8bdhbCk/v0tWG9EWPcCOYEPMX/eCJDwNWcAhZpFyyEJrgATXDTQLXt2Z
GrBXqbq/6uCGK2QiYdzjIXafCgSwT5pbGjMmh4d/7fnYEqUfYmjDf3D0Lv7bUtn8QbhA
zC7hYFe//YIXmW5P3zueW08nK1Lhf2GlAMhfjr8byBmwqbbcxulbUR2ke+Vcp4gTLsz6
lTXQrfsvRQSyUtya4j0zMIz8IGBJdEdb9eDHMBoUgqm2rTA2zgbNe35grp5gmapC4JxO
cTZAIzFMFTiYzonv90kmrpNHX5E18ysdfAsoYEGJFTsI/icTygsqjvF2UY0ppfFvsPNK
uvCw==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=DoUomnz+;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=JtCdBbOt;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=PR7XeS54;
dkim=neutral (body hash did not verify) header.i=@unstable.cc
header.s=MBO0001 header.b=SWOjuNmi;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
586e51a60fabf-440d8848d39si13013687fac.315.2026.06.08.06.33.17
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Mon, 08 Jun 2026 06:33:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=DoUomnz+;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=JtCdBbOt;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=PR7XeS54;
dkim=neutral (body hash did not verify) header.i=@unstable.cc
header.s=MBO0001 header.b=SWOjuNmi;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc:
List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender
:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
bh=sihv14qL/NYG8Vm1v41cAf20MnZRabmtEcW0zJqw81A=; b=DoUomnz+PaVdPaOCJacuzPsCcg
53QaiV2AJGD9KSKdZWboW5aSc2K3WIdGh5QfBXi9RPrLzHyetFx1CKpmUDt5NAN490DIsUCpcbhd6
tyZRTv5aqFXtgPuprgpJE97jS42cJLQaTCQgm2fMk2Q0TMTNfrtxq0Ihs8sTdRR7M06U=;
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1wWa6N-0003OH-6b;
Mon, 08 Jun 2026 13:33:15 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <a@unstable.cc>) id 1wWa6K-0003Nw-DX
for openvpn-devel@lists.sourceforge.net;
Mon, 08 Jun 2026 13:33:12 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=adDWVCSSk383woR3Mgckz7wFutvD2s6h4QcW7/qgDKk=; b=JtCdBbOt54WxYwb5ud7o5lEkiB
+7x73+38QrEDtaB0xzwFfCR3192wUzAtVNJJrtnM20MNGLEETDfGGAuutK2nNfajktmHtnhqV/tbW
T2yPI/SS38HvhShW97MPX5wBPHKwDkoOCiBxvcGT5iKVhQN574yrVCVM1cJd/FaMijaI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=adDWVCSSk383woR3Mgckz7wFutvD2s6h4QcW7/qgDKk=; b=PR7XeS54JyDnASu3L+TZkZ//u0
BG5VwM/vnCW7a4VIz/RlN9KWwm1mc/nFKVoVPGd798D0xr7hSkle7J2s0ddPsanp76pMLDrzG/PA3
TsF5ycgrYGsKx81Vb3ND2zNTsQ4Gahq0DEG3Tn0QrKnHHWxmVMrNy2DJo5+G9LD3f3bQ=;
Received: from mout-p-202.mailbox.org ([80.241.56.172])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1wWa6I-0004wb-Eb for openvpn-devel@lists.sourceforge.net;
Mon, 08 Jun 2026 13:33:12 +0000
Received: from smtp102.mailbox.org (smtp102.mailbox.org
[IPv6:2001:67c:2050:b231:465::102])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
SHA256)
(No client certificate requested)
by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4gYtJp1pP9z9tPH;
Mon, 8 Jun 2026 15:32:58 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unstable.cc;
s=MBO0001;
t=1780925578;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=adDWVCSSk383woR3Mgckz7wFutvD2s6h4QcW7/qgDKk=;
b=SWOjuNmiYTpKMwMiZg3Gy19RAvXNXnsaKgZDe2GVkAx/erM0UlOWLGZZK2L90SJdhxixhs
vYh1cF1kYOqisM+K79newmuXFUnbo6iHHwV4Uni44ZDvEIjQl/gAGNv5CDkkYKVQ6a0Cii
tG3scAwqt+fWxpPThEjQ9MxGp7pY7FA4jKe5iAiawha9gsyc787kYUcpdQUD1P335nqfbH
/9GezyICuayPbXn/Tqnaoi3E9F2+ruDt3JeR+1k1f39rRnf3dTRZxGGdPspS40tqXy3emM
t4oAuM1Y4BqneiR2tmDVztwOr0sXpPom36hpAnlQoQ3M+03x1NmZC5lLd0N7HA==
Authentication-Results: outgoing_mbo_mout; dkim=none;
spf=pass (outgoing_mbo_mout: domain of a@unstable.cc designates
2001:67c:2050:b231:465::102 as permitted sender) smtp.mailfrom=a@unstable.cc
From: Antonio Quartulli <a@unstable.cc>
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 8 Jun 2026 15:32:48 +0200
Message-ID: <20260608133251.3128542-6-a@unstable.cc>
In-Reply-To: <20260608133251.3128542-1-a@unstable.cc>
References: <20260608133251.3128542-1-a@unstable.cc>
MIME-Version: 1.0
X-Rspamd-Queue-Id: 4gYtJp1pP9z9tPH
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "sfi-spamd-1.hosts.colo.sdot.me",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Antonio Quartulli <antonio@openvpn.net>
ovpn_peer_endpoints_update()
builds the new remote endpoint in an on-stack struct sockaddr_storage that
is left uninitialized. For IPv4 only sin_family/sin_addr/sin_port are
written,
leaving the 8-byt [...]
Content analysis details: (-0.2 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 RCVD_IN_MSPIKE_H5 RBL: Excellent reputation (+5)
[80.241.56.172 listed in wl.mailspike.net]
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
X-Headers-End: 1wWa6I-0004wb-Eb
Subject: [Openvpn-devel] [PATCH ovpn net v2 6/9] ovpn: zero-initialize
sockaddr before learning a floated endpoint
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Antonio Quartulli <antonio@openvpn.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: 1867435839535776539
X-GMAIL-MSGID: 1867435839535776539
|
| Series |
[Openvpn-devel,ovpn,net,v2,1/9] ovpn: skip rehash for peers already removed from by_id
|
|
Commit Message
Antonio Quartulli
June 8, 2026, 1:32 p.m. UTC
From: Antonio Quartulli <antonio@openvpn.net> ovpn_peer_endpoints_update() builds the new remote endpoint in an on-stack struct sockaddr_storage that is left uninitialized. For IPv4 only sin_family/sin_addr/sin_port are written, leaving the 8-byte sin_zero padding as stack garbage (for IPv6, sin6_flowinfo is left uninitialized likewise). ovpn_peer_reset_sockaddr() -> ovpn_bind_from_sockaddr() then memcpy()s sizeof(struct sockaddr_in)/sizeof(struct sockaddr_in6) bytes - padding included - into bind->remote. That buffer is later hashed with jhash() over the same length to place the peer in the by_transp_addr table, so the garbage padding lands the floated peer in an essentially random bucket. Lockless lookups in ovpn_peer_get_by_transp_addr() build their key from a zero-initialized sockaddr_storage, compute a different bucket and fail to find the peer. This is also a plain use of uninitialized stack memory in jhash(). Zero-initialize the sockaddr_storage, matching what the lookup and netlink paths already do. Fixes: f0281c1d3732 ("ovpn: add support for updating local or remote UDP endpoint") Signed-off-by: Antonio Quartulli <antonio@openvpn.net> --- drivers/net/ovpn/peer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index ee88251f2196..4aa5edc75dec 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -220,7 +220,7 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, */ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) { - struct sockaddr_storage ss; + struct sockaddr_storage ss = {}; struct sockaddr_in6 *sa6; bool reset_cache = false; struct sockaddr_in *sa;