lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171219075951.7aca0d53@xeon-e3>
Date:   Tue, 19 Dec 2017 07:59:51 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Serhey Popovich <serhe.popovych@...il.com>
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 1/3] iplink: Improve index parameter handling

On Mon, 18 Dec 2017 23:37:09 +0200
Serhey Popovich <serhe.popovych@...il.com> wrote:

> Stephen Hemminger wrote:
> > On Mon, 18 Dec 2017 23:02:07 +0200
> > Serhey Popovich <serhe.popovych@...il.com> wrote:
> >   
> >> Stephen Hemminger wrote:  
> >>> On Mon, 18 Dec 2017 20:54:06 +0200
> >>> Serhey Popovych <serhe.popovych@...il.com> wrote:
> >>>     
> >>>> diff --git a/ip/iplink.c b/ip/iplink.c
> >>>> index 1e685cc..4f9c169 100644
> >>>> --- a/ip/iplink.c
> >>>> +++ b/ip/iplink.c
> >>>> @@ -586,8 +586,10 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req,
> >>>>  			*name = *argv;
> >>>>  		} else if (strcmp(*argv, "index") == 0) {
> >>>>  			NEXT_ARG();
> >>>> +			if (*index)
> >>>> +				duparg("index", *argv);
> >>>>  			*index = atoi(*argv);
> >>>> -			if (*index < 0)
> >>>> +			if (*index <= 0)    
> >>>
> >>> Why not use strtoul instead of atoi?    
> >> Do not see reason for strtoul() instead atoi():
> >>
> >>   1) main arg: indexes in kernel represented as "int", which is
> >>      signed. <= 0 values are reserved for various special purposes
> >>      (see net/core/fib_rules.c on how device matching implemented).
> >>
> >>      Configuring network device manually with index <= 0 is not correct
> >>      (however possible). Kernel itself never chooses ifindex <= 0.
> >>
> >>      Having unsigned int > 0x7fffffff actually means index <= 0.
> >>
> >>   2) this is not single place in iproute2 where it is used: not
> >>      going to remove last user.
> >>
> >>   3) make changes clear and transparent for review.  
> > 
> > I would rather all of iproute2 correctly handles unsigned values.
> > Too much code is old K&R style C "the world is an int" and "who needs
> > to check for negative".  
> 
> You are right :(. I'm just trying to improve things a bit.
> 
> > 
> > There already is get_unsigned() in iproute2 util functions.  
> This is good one based on strtoul(). But do we want to submit say
> index = (unsigned int)2147483648(0x7fffffff) to the kernel that is
> illegal from it's perspective?
> 
> Or do you mean I can prepare treewide change to replace atoi() with
> get_unsigned()/get_integer() where appropriate?
> 
> We already check if (*index < 0) since commit 3c682146aeff
> (iplink: forbid negative ifindex and modifying ifindex), and I just
> put index == 0 in the same range of invalid indexes.
> 

The legacy BSD ABI for interfaces uses int, so that sets the upper
bound for kernel.

The netlink ABI limit is u32 for ifindex so technically 1..UINT32_MAX are
possible values but kernel is bound by BSD mistake.

I will take the original patch.



Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ