| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130315085124.GA17498@casper.infradead.org> Date: Fri, 15 Mar 2013 08:51:24 +0000 From: Thomas Graf <tgraf@...g.ch> To: Vlad Yasevich <vyasevic@...hat.com> Cc: Stephen Hemminger <stephen@...workplumber.org>, netdev@...r.kernel.org, davem@...emloft.net Subject: Re: [PATCH] rtnetlink: Mask the rta_type when range checking On 03/14/13 at 08:30pm, Vlad Yasevich wrote: > Doing a quick check on all the callers for rtnl_register and their > handlers the following do not use nla_parse: > 1) dn_fib_rtm_newroute/delroute - Don't seem to care about attribute > types. > 2) dn_cache_getroute() - suspect use. relies on rta_buf populated by > rtnetlink_rcv_msg > > 3) inet_rtm_newroute/delroute - rtm_to_fib_config() uses a custom loop > with nla_type(), so safe. > > That's all that a quick look finds. Out of all of them, looks like > on dn_cache_getroute() would be broken. So checking values in rta_max[] which lists the maximum attribute allowed for each message family range, all are limited to low values so the NLA_F_NESTED bit is guaranteed to have been unused up to now. The risk that remains is that we would start accepting an attribute which we previously didn't but we have that risk with every new attribute that is added. Acked-by: Thomas Graf <tgraf@...g.ch> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists