| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120215140814.GA29673@canuck.infradead.org>
Date: Wed, 15 Feb 2012 09:08:14 -0500
From: Thomas Graf <tgraf@...radead.org>
To: Ben Hutchings <bhutchings@...arflare.com>
Cc: Greg Rose <gregory.v.rose@...el.com>, netdev@...r.kernel.org,
davem@...emloft.net
Subject: Re: [RFC V2 PATCH] rtnetlink: Fix problem with buffer allocation
On Tue, Feb 14, 2012 at 09:13:13PM +0000, Ben Hutchings wrote:
> > + struct rtattr *ext_req;
> > + u32 *ext_req_data;
> > + req = (struct rtnl_req_extended *)cb->nlh;
> > + ext_req = (struct rtattr *)&req->ext;
> > + if (ext_req->rta_type == IFLA_EXT_MASK) {
> > + ext_req_data = RTA_DATA(ext_req);
> > + ext_filter_mask = *ext_req_data;
> > + }
> > + }
>
> We cannot trust a flag to tell us what the length of the message is. We
> have to check the value of nlmsg_len (which netlink has already
> validated as being within the skb length and >= our declared request
> header length). I think that makes the flag redundant.
>
> In fact, I think we should really use nlmsg_parse() here. That might be
> overkill when there's only a single valid attribute; I don't know.
I think it's worth the effort. You get all the validation for free. And
please use the netlink interface in <net/netlink.h>, the rtattr based
interface has been deprecated a while ago.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists