lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 7 Oct 2018 19:38:14 -0600
From:   David Ahern <dsahern@...il.com>
To:     Christian Brauner <christian@...uner.io>,
        David Ahern <dsahern@...nel.org>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, jbenc@...hat.com,
        stephen@...workplumber.org
Subject: Re: [PATCH net-next 19/20] net: Update netconf dump handlers for
 strict data checking

On 10/7/18 4:53 AM, Christian Brauner wrote:
>> @@ -2076,6 +2077,21 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
>>  	struct in_device *in_dev;
>>  	struct hlist_head *head;
>>  
>> +	if (cb->strict_check) {
>> +		struct netlink_ext_ack *extack = cb->extack;
>> +		struct netconfmsg *ncm;
>> +
>> +		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
>> +			NL_SET_ERR_MSG(extack, "Invalid header");
>> +			return -EINVAL;
>> +		}
>> +
>> +		if (nlh->nlmsg_len != nlmsg_msg_size(sizeof(*ncm))) {
>> +			NL_SET_ERR_MSG(extack, "Invalid data after header");
>> +			return -EINVAL;
>> +		}
> 
> Hm, I think this could just be one branch with !=
> But if you've done this to report back a more meaningful error message
> to userspace, fine. :)

Consistency with other dump handlers and better userspace error
messages. If netconf ever gets a filter the length check is removed in
favor of nlmsg_parse_strict

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ