[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200723.121930.163681559677190095.davem@davemloft.net>
Date: Thu, 23 Jul 2020 12:19:30 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: salyzyn@...roid.com
Cc: linux-kernel@...r.kernel.org, kernel-team@...roid.com,
netdev@...r.kernel.org, kuba@...nel.org, tgraf@...g.ch
Subject: Re: [PATCH] netlink: add buffer boundary checking
From: Mark Salyzyn <salyzyn@...roid.com>
Date: Thu, 23 Jul 2020 11:21:32 -0700
> Many of the nla_get_* inlines fail to check attribute's length before
> copying the content resulting in possible out-of-boundary accesses.
> Adjust the inlines to perform nla_len checking, for the most part
> using the nla_memcpy function to faciliate since these are not
> necessarily performance critical and do not need a likely fast path.
>
> Signed-off-by: Mark Salyzyn <salyzyn@...roid.com>
> Cc: netdev@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org
> Cc: kernel-team@...roid.com
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Jakub Kicinski <kuba@...nel.org>
> Cc: Thomas Graf <tgraf@...g.ch>
> Fixes: bfa83a9e03cf ("[NETLINK]: Type-safe netlink messages/attributes interface")
Please, let's avoid stuff like this.
Now it is going to be expensive to move several small attributes,
which is common. And there's a multiplier when dumping, for example,
thousands of networking devices, routes, or whatever, and all of their
attributes in a dump.
If you can document actual out of bounds accesses, let's fix them. Usually
contextually the attribute type and size has been validated by the time we
execute these accessors.
I'm not applying this, sorry.
Powered by blists - more mailing lists