lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130313083654.01d9c924@nehalam.linuxnetplumber.net>
Date:	Wed, 13 Mar 2013 08:36:54 -0700
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	Vlad Yasevich <vyasevic@...hat.com>
Cc:	netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [PATCH] rtnetlink: Mask the rta_type when range checking

On Wed, 13 Mar 2013 10:18:58 -0400
Vlad Yasevich <vyasevic@...hat.com> wrote:

> Range/validity checks on rta_type in rtnetlink_rcv_msg() do
> not account for flags that may be set.  This causes the function
> to return -EINVAL when flags are set on the type (for example
> NLA_F_NESTED).
> 
> Signed-off-by: Vlad Yasevich <vyasevic@...hat.com>
> ---
>  net/core/rtnetlink.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 1868625..dc5edf1 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -2538,7 +2538,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
>  		struct rtattr *attr = (void *)nlh + NLMSG_ALIGN(min_len);
>  
>  		while (RTA_OK(attr, attrlen)) {
> -			unsigned int flavor = attr->rta_type;
> +			unsigned int flavor = attr->rta_type & NLA_TYPE_MASK;
>  			if (flavor) {
>  				if (flavor > rta_max[sz_idx])
>  					return -EINVAL;

No. This is effectively an ABI change. It adds nothing.

The NLA_F_NESTED attribute wasn't in the first generation version of netlink
(before my time with Linux). It doesn't make sense to all of sudden start
accepting it on requests. Also, then you would expect the query to set
the NESTED flag as well, and that would be another ABI change.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ