| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ef625946-5874-c029-b6ba-a0cb7f32160d@6wind.com>
Date: Fri, 5 Apr 2019 17:40:32 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Johannes Berg <johannes@...solutions.net>,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
David Ahern <dsa@...ulusnetworks.com>
Subject: Re: [PATCH 4/6] netlink: add strict parsing for future attributes
Le 05/04/2019 à 17:31, Johannes Berg a écrit :
> On Fri, 2019-04-05 at 17:22 +0200, Nicolas Dichtel wrote:
>> Le 04/04/2019 à 08:54, Johannes Berg a écrit :
>> [snip]
>>> As we didn't want to add another argument to all functions that get a
>>> netlink policy, the workaround is to encode that boundary in the first
>>> entry of the policy array (which is for type 0 and thus probably not
>>> really valid anyway). I put it into the validation union for the rare
>>> possibility that somebody is actually using attribute 0, which would
>>> continue to work fine unless they tried to use the extended validation,
>>> which isn't likely. We also didn't find any in-tree users with type 0.
>>
>> OVS_TUNNEL_KEY_ATTR_ID seems to be one if I'm not wrong.
>
> Indeed, good find.
>
> I guess I'll change the commit message, but all it really means is that
> OVS can't use any validation function etc. for OVS_TUNNEL_KEY_ATTR_ID,
> which seems like a reasonable trade-off.
Yes I agree.
There is three others 0-attribute, but filled only by the kernel
(NETLINK_DIAG_NONE, PACKET_DIAG_NONE and UNIX_DIAG_NONE).
Nicolas
Powered by blists - more mailing lists