lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Sep 2018 12:43:04 -0600
From:   David Ahern <dsahern@...il.com>
To:     Christian Brauner <christian@...uner.io>, dsahern@...nel.org
Cc:     netdev@...r.kernel.org, davem@...emloft.net, jbenc@...hat.com,
        stephen@...workplumber.org
Subject: Re: [PATCH RFC net-next 4/5] net/ipv4: Update inet_dump_ifaddr to
 support NLM_F_DUMP_PROPER_HDR

On 9/28/18 12:41 PM, Christian Brauner wrote:
>> @@ -1683,15 +1683,45 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
>>  	s_idx = idx = cb->args[1];
>>  	s_ip_idx = ip_idx = cb->args[2];
>>  
>> -	if (nlmsg_parse(cb->nlh, sizeof(struct ifaddrmsg), tb, IFA_MAX,
>> -			ifa_ipv4_policy, NULL) >= 0) {
>> -		if (tb[IFA_TARGET_NETNSID]) {
>> -			fillargs.netnsid = nla_get_s32(tb[IFA_TARGET_NETNSID]);
>> +	if (nlh->nlmsg_flags & NLM_F_DUMP_PROPER_HDR) {
>> +		struct nlattr *tb[IFA_MAX+1];
>> +		struct ifaddrmsg *ifm;
>> +		int err, i;
>> +
>> +		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
>> +			NL_SET_ERR_MSG(extack, "Invalid header");
>> +			return -EINVAL;
>> +		}
>> +
>> +		ifm = (struct ifaddrmsg *) nlmsg_data(cb->nlh);
>> +		if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
>> +			NL_SET_ERR_MSG(extack, "Invalid values in header for dump request");
>> +			return -EINVAL;
>> +		}
>> +		if (ifm->ifa_index) {
>> +			NL_SET_ERR_MSG(extack, "Filter by device index not supported");
>> +			return -EINVAL;
>> +		}
>> +		err = nlmsg_parse(cb->nlh, sizeof(struct ifaddrmsg), tb, IFA_MAX,
>> +				ifa_ipv4_policy, NULL);
>> +		if (err < 0)
>> +			return err;
>>  
>> -			tgt_net = rtnl_get_net_ns_capable(skb->sk,
>> -							  fillargs.netnsid);
>> -			if (IS_ERR(tgt_net))
>> -				return PTR_ERR(tgt_net);
>> +		for (i = 0; i < IFA_MAX; ++i) {
>> +			if (i == IFA_TARGET_NETNSID) {
>> +				fillargs.netnsid = nla_get_s32(tb[i]);
>> +
>> +				tgt_net = rtnl_get_net_ns_capable(skb->sk,
>> +								  fillargs.netnsid);
>> +				if (IS_ERR(tgt_net))
>> +					return PTR_ERR(tgt_net);
>> +
>> +				fillargs.flags |= NLM_F_DUMP_FILTERED;
>> +			}
>> +			if (tb[i]) {
>> +				NL_SET_ERR_MSG(extack, "Unsupported attribute in dump request");
>> +				return -EINVAL;
>> +			}
> 
> That loop doesn't do what it promises, no? Shouldn't it be:

your right, that should be:
			} else if (tb[i]) {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ