When less bytes than the header size is read, do not indicate to the caller
that the read was successful, as the caller would read uninitialized memory.
To achieve that, subtract the header size unconditionally (unless an error
was returned by sk_receive).

In addition, do not check for Ethernet type when full Ethernet header was
not read. This again may lead to reading of uninitialized memory.

Signed-off-by: Jiri Benc <***@redhat.com>
---
raw.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/raw.c b/raw.c
index 1bfc1bbde509..795292fab358 100644
--- a/raw.c
+++ b/raw.c
@@ -244,6 +244,11 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,

cnt = sk_receive(fd, ptr, buflen, hwts, 0);

+ if (cnt >= 0)
+ cnt -= hlen;
+ if (cnt < 0)
+ return cnt;
+
if (raw->vlan) {
if (ETH_P_1588 == ntohs(hdr->type)) {
pr_notice("raw: disabling VLAN mode");
@@ -255,9 +260,6 @@ static int raw_recv(struct transport *t, int fd, void *buf, int buflen,
raw->vlan = 1;
}
}
- if (cnt >= hlen) {
- cnt -= hlen;
- }
return cnt;
}