| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20181002002851.5002-26-dsahern@kernel.org>
Date: Mon, 1 Oct 2018 17:28:51 -0700
From: David Ahern <dsahern@...nel.org>
To: netdev@...r.kernel.org, davem@...emloft.net
Cc: christian@...uner.io, jbenc@...hat.com, stephen@...workplumber.org,
David Ahern <dsahern@...il.com>
Subject: [PATCH RFC v2 net-next 25/25] net: Enable kernel side filtering of route dumps
From: David Ahern <dsahern@...il.com>
Update parsing of route dump request to enable kernel side of filtering.
Signed-off-by: David Ahern <dsahern@...il.com>
---
net/ipv4/fib_frontend.c | 42 ++++++++++++++++++++++++++++++------------
1 file changed, 30 insertions(+), 12 deletions(-)
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index a3f4073e509a..d1ef1cb98139 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -806,7 +806,9 @@ int ip_valid_fib_dump_req(const struct nlmsghdr *nlh,
struct fib_dump_filter *filter,
struct netlink_ext_ack *extack)
{
+ struct nlattr *tb[RTA_MAX + 1];
struct rtmsg *rtm;
+ int err, i;
if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
NL_SET_ERR_MSG(extack, "Invalid header");
@@ -814,21 +816,37 @@ int ip_valid_fib_dump_req(const struct nlmsghdr *nlh,
}
rtm = nlmsg_data(nlh);
- if (rtm->rtm_dst_len || rtm->rtm_src_len || rtm->rtm_tos ||
- rtm->rtm_table || rtm->rtm_protocol || rtm->rtm_scope ||
- rtm->rtm_type) {
- NL_SET_ERR_MSG(extack,
- "Invalid values in header for dump request");
+ if (rtm->rtm_dst_len || rtm->rtm_src_len) {
+ NL_SET_ERR_MSG(extack, "Invalid values in header for dump request");
return -EINVAL;
}
- if (rtm->rtm_flags & ~(RTM_F_CLONED | RTM_F_PREFIX)) {
- NL_SET_ERR_MSG(extack, "Invalid flags for dump request");
- return -EINVAL;
- }
- if (nlh->nlmsg_len != nlmsg_msg_size(sizeof(*rtm))) {
- NL_SET_ERR_MSG(extack, "Invalid data after header");
- return -EINVAL;
+ filter->flags = rtm->rtm_flags;
+ filter->tos = rtm->rtm_tos;
+ filter->protocol = rtm->rtm_protocol;
+ filter->scope = rtm->rtm_scope;
+ filter->rt_type = rtm->rtm_type;
+ filter->table_id = rtm->rtm_table;
+
+ err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX,
+ rtm_ipv4_policy, extack);
+ if (err < 0)
+ return err;
+
+ for (i = 0; i <= RTA_MAX; ++i) {
+ if (!tb[i])
+ continue;
+ switch (i) {
+ case RTA_TABLE:
+ filter->table_id = nla_get_u32(tb[i]);
+ break;
+ case RTA_OIF:
+ filter->ifindex = nla_get_u32(tb[i]);
+ break;
+ default:
+ NL_SET_ERR_MSG(extack, "Unsupported attribute in dump request");
+ return -EINVAL;
+ }
}
return 0;
--
2.11.0
Powered by blists - more mailing lists