lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 1 May 2011 08:41:14 +0200
From:	Jiri Pirko <jpirko@...hat.com>
To:	Stephen Hemminger <shemminger@...tta.com>
Cc:	netdev@...r.kernel.org, davem@...emloft.net,
	eric.dumazet@...il.com, mirqus@...il.com, xemul@...nvz.org
Subject: Re: [patch net-next-2.6] net: call dev_alloc_name from
 register_netdevice

Sun, May 01, 2011 at 06:47:35AM CEST, shemminger@...tta.com wrote:
>On Sat, 30 Apr 2011 22:57:52 +0200
>Jiri Pirko <jpirko@...hat.com> wrote:
>
>> Sat, Apr 30, 2011 at 07:34:44PM CEST, shemminger@...tta.com wrote:
>> >On Sat, 30 Apr 2011 13:21:32 +0200
>> >Jiri Pirko <jpirko@...hat.com> wrote:
>> >
>> >> Force dev_alloc_name() to be called from register_netdevice() by
>> >> dev_get_valid_name(). That allows to remove multiple explicit
>> >> dev_alloc_name() calls.
>> >> 
>> >> The possibility to call dev_alloc_name in advance remains.
>> >> 
>> >> This also fixes veth creation regresion caused by
>> >> 84c49d8c3e4abefb0a41a77b25aa37ebe8d6b743
>> >> 
>> >> Signed-off-by: Jiri Pirko <jpirko@...hat.com>
>> >
>> >The problem with this then you have to audit all the calls
>> >to register_netdevice to make sure that user can't provide a bad
>> >value which then is passed a format string. Why not just fix
>> >just veth which would be safer.
>> 
>> Well it looks convenient to do name allocations inside
>> register_netdevice generically. For special cases dev_get_valid_name()
>> can be still used as before (this I think should be also prohibited in
>> future).
>> 
>> Also I think that drivers should be responsible for what they are
>> passing from user to core. Btw could you please give me an example of
>> "a bad value" causing any harm in particular situation?
>> 
>> Thanks
>> 
>> Jirka
>
>I am concerned that code like that before a driver could be passed
>a string with format characters; and make a device with % in the name
>and some configuration might depend on that.
>
>dev_alloc_name tries to be as safe as possible about the processing
>of format string so it should be safe from names like 'eth%s'

That is correct. For example:
[root@f14 ~]# ip link add name "test%d" type dummy
[root@f14 ~]# ip link add name "te%dst" type dummy
[root@f14 ~]# ip link add name "test%s" type dummy
RTNETLINK answers: Invalid argument
[root@f14 ~]# ip link add name "te%sst" type dummy
RTNETLINK answers: Invalid argument
[root@f14 ~]# ip link add name "test%p" type dummy
RTNETLINK answers: Invalid argument
[root@f14 ~]# ip link add name "test%f" type dummy
RTNETLINK answers: Invalid argument
[root@f14 ~]# 

Looks safe to me.

>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ