lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140423114120.GC31647@voom.fritz.box>
Date:	Wed, 23 Apr 2014 21:41:20 +1000
From:	David Gibson <david@...son.dropbear.id.au>
To:	Jiri Pirko <jiri@...nulli.us>
Cc:	netdev@...r.kernel.org, ssujith@...co.com, neepatel@...co.com,
	benve@...co.com, davem@...emloft.net, ben@...adent.org.uk,
	govindarajulu90@...il.com, gregory.v.rose@...el.com
Subject: Re: [PATCH 1/2] rtnetlink: Warn when interface's information won't
 fit in our packet

On Wed, Apr 23, 2014 at 11:09:05AM +0200, Jiri Pirko wrote:
> Wed, Apr 23, 2014 at 09:21:04AM CEST, david@...son.dropbear.id.au wrote:
> >Without IFLA_EXT_MASK specified, the information reported for a single
> >interface in response to RTM_GETLINK is expected to fit within a netlink
> >packet of NLMSG_GOODSIZE.
> >
> >If it doesn't, however, things will go badly wrong,  When listing all
> >interfaces, netlink_dump() will incorrectly treat -EMSGSIZE on the first
> >message in a packet as the end of the listing and omit information for
> >that interface and all subsequent ones.  This can cause getifaddrs(3) to
> >enter an infinite loop.
> >
> >This patch won't fix the problem, but it will WARN_ON() making it easier to
> >track down what's going wrong.
> >
> >Signed-off-by: David Gibson <david@...son.dropbear.id.au>
> >---
> > net/core/rtnetlink.c | 16 +++++++++++-----
> > 1 file changed, 11 insertions(+), 5 deletions(-)
> >
> >diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> >index d4ff417..5331db2 100644
> >--- a/net/core/rtnetlink.c
> >+++ b/net/core/rtnetlink.c
> >@@ -1198,6 +1198,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
> > 	struct hlist_head *head;
> > 	struct nlattr *tb[IFLA_MAX+1];
> > 	u32 ext_filter_mask = 0;
> >+	int err;
> > 
> > 	s_h = cb->args[0];
> > 	s_idx = cb->args[1];
> >@@ -1218,11 +1219,16 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
> > 		hlist_for_each_entry_rcu(dev, head, index_hlist) {
> > 			if (idx < s_idx)
> > 				goto cont;
> >-			if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
> >-					     NETLINK_CB(cb->skb).portid,
> >-					     cb->nlh->nlmsg_seq, 0,
> >-					     NLM_F_MULTI,
> >-					     ext_filter_mask) <= 0)
> >+			err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
> >+					       NETLINK_CB(cb->skb).portid,
> >+					       cb->nlh->nlmsg_seq, 0,
> >+					       NLM_F_MULTI,
> >+					       ext_filter_mask);
> >+			/* If we ran out of room on the first message,
> >+			 * we're in trouble */
> >+			WARN_ON((err == -EMSGSIZE) && (skb->len == 0));
> >+
> >+			if (err <= 0)
> 			if (err)

<= 0 was what the original version had.  Why do you think it should be
changed to != 0?

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ