lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 03 Feb 2011 20:43:41 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	julia@...u.dk
Cc:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	paul.moore@...com, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] include/net/genetlink.h: Allow genlmsg_cancel to
 accept a NULL argument

From: Julia Lawall <julia@...u.dk>
Date: Wed, 2 Feb 2011 07:17:29 +0100 (CET)

> This pattern occurred in eg:
> 
> net/netlabel/netlabel_unlabeled.c
> 
> in the function netlbl_unlabel_staticlist_gen and in other netlabel code, 
> as well as in net/wireless/nl80211.c, but with the function nl80211hdr_put 
> instead of genlmsg_put.  I submitted patches for all of these cases, so 
> that is perhaps why you don't see them.  But someone suggested to change 
> genlmsg_cancel as well, to be as permissive as nlmsg_cancel.
> 
> For nlmsg_cancel, there are two occurrences in 
> net/netfilter/nf_conntrack_netlink.c where nlmsg_cancel is reachable with 
> the second argument NULL.
> 
> For nlmsg_cancel the ability to accept NULL as a second argument comes 
> from the fact that it only calls nlmsg_trim, which does nothing if NULL is 
> the second argument.  nlmsg_trim is also called by nla_nest_cancel.  There 
> are many calls to nla_nest_cancel with NULL as the second argument in the 
> directory net/sched, for example in the function gred_dump in 
> net/sched/sch_gred.c.  net/sched also contains a call to nlmsg_trim with 
> NULL as the second argument, in the function flow_dump, in 
> net/sched/cls_flow.c.
> 
> The whole thing seems somewhat sloppy.  I'm sure that all of the 
> above-cited occurrences could be rewritten as outlined above to skip over 
> the cancel/trim function.

Thanks for the analysis Julia.

I think the only safe thing to do in net-2.6 and -stable is to add
the NULL check to genlmsg_cancel() as your patch did.

I we later want to move things such that, consistently, we never
call *nlmsg_cancel() with a NULL second arg, that's fine.

I'll apply your genlmsg_cancel() patch, thanks Julia.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ