This is a note to let you know that I've just added the patch titled
can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
can-isotp-isotp_bind-return-einval-on-incorrect-can-id-formatting.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From stable-owner@xxxxxxxxxxxxxxx Tue Oct 31 10:30:57 2023
From: Oliver Hartkopp <socketcan@xxxxxxxxxxxx>
Date: Tue, 31 Oct 2023 10:30:20 +0100
Subject: can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
To: gregkh@xxxxxxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx, sashal@xxxxxxxxxx
Cc: linux-can@xxxxxxxxxxxxxxx, lukas.magel@xxxxxxxxxx, patches@xxxxxxxxxxxxxxx, maxime.jayat@xxxxxxxxxxxxxxxxx, mkl@xxxxxxxxxxxxxx, michal.sojka@xxxxxxx, Oliver Hartkopp <socketcan@xxxxxxxxxxxx>, Derek Will <derekrobertwill@xxxxxxxxx>
Message-ID: <20231031093025.2699-3-socketcan@xxxxxxxxxxxx>
From: Oliver Hartkopp <socketcan@xxxxxxxxxxxx>
commit 2aa39889c463195a0dfe2aff9fad413139c32a4f upstream
Commit 3ea566422cbd ("can: isotp: sanitize CAN ID checks in
isotp_bind()") checks the given CAN ID address information by
sanitizing the input values.
This check (silently) removes obsolete bits by masking the given CAN
IDs.
Derek Will suggested to give a feedback to the application programmer
when the 'sanitizing' was actually needed which means the programmer
provided CAN ID content in a wrong format (e.g. SFF CAN IDs with a CAN
ID > 0x7FF).
Link: https://lore.kernel.org/all/20220515181633.76671-1-socketcan@xxxxxxxxxxxx
Suggested-by: Derek Will <derekrobertwill@xxxxxxxxx>
Signed-off-by: Oliver Hartkopp <socketcan@xxxxxxxxxxxx>
Signed-off-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/can/isotp.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/net/can/isotp.c
+++ b/net/can/isotp.c
@@ -1142,6 +1142,11 @@ static int isotp_bind(struct socket *soc
else
rx_id &= CAN_SFF_MASK;
+ /* give feedback on wrong CAN-ID values */
+ if (tx_id != addr->can_addr.tp.tx_id ||
+ rx_id != addr->can_addr.tp.rx_id)
+ return -EINVAL;
+
if (!addr->can_ifindex)
return -ENODEV;
Patches currently in stable-queue which might be from stable-owner@xxxxxxxxxxxxxxx are
queue-5.15/ext4-avoid-overlapping-preallocations-due-to-overflow.patch
queue-5.15/can-isotp-isotp_bind-do-not-validate-unused-address-information.patch
queue-5.15/can-isotp-set-max-pdu-size-to-64-kbyte.patch
queue-5.15/can-isotp-isotp_bind-return-einval-on-incorrect-can-id-formatting.patch
queue-5.15/ext4-fix-bug-in-ext4_mb_new_inode_pa-due-to-overflow.patch
queue-5.15/rpmsg-fix-calling-device_lock-on-non-initialized-device.patch
queue-5.15/can-isotp-isotp_sendmsg-fix-tx-state-detection-and-wait-behavior.patch
queue-5.15/rpmsg-constify-local-variable-in-field-store-macro.patch
queue-5.15/rpmsg-glink-release-driver_override.patch
queue-5.15/driver-platform-add-helper-for-safer-setting-of-driver_override.patch
queue-5.15/can-isotp-check-can-address-family-in-isotp_bind.patch
queue-5.15/rpmsg-fix-kfree-of-static-memory-on-setting-driver_override.patch
queue-5.15/can-isotp-add-local-echo-tx-processing-and-tx-without-fc.patch
queue-5.15/can-isotp-handle-wait_event_interruptible-return-values.patch
queue-5.15/rpmsg-fix-possible-refcount-leak-in-rpmsg_register_device_override.patch
queue-5.15/ext4-add-two-helper-functions-extent_logical_end-and-pa_logical_end.patch
