lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Oct 2019 09:40:09 +0200 From: Michal Kubecek <mkubecek@...e.cz> To: "David S. Miller" <davem@...emloft.net> Cc: Jiri Pirko <jiri@...lanox.com>, Johannes Berg <johannes@...solutions.net>, Jakub Kicinski <jakub.kicinski@...ronome.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [PATCH net-next v3] genetlink: do not parse attributes for families with zero maxattr Commit c10e6cf85e7d ("net: genetlink: push attrbuf allocation and parsing to a separate function") moved attribute buffer allocation and attribute parsing from genl_family_rcv_msg_doit() into a separate function genl_family_rcv_msg_attrs_parse() which, unlike the previous code, calls __nlmsg_parse() even if family->maxattr is 0 (i.e. the family does its own parsing). The parser error is ignored and does not propagate out of genl_family_rcv_msg_attrs_parse() but an error message ("Unknown attribute type") is set in extack and if further processing generates no error or warning, it stays there and is interpreted as a warning by userspace. Dumpit requests are not affected as genl_family_rcv_msg_dumpit() bypasses the call of genl_family_rcv_msg_attrs_parse() if family->maxattr is zero. Move this logic inside genl_family_rcv_msg_attrs_parse() so that we don't have to handle it in each caller. v3: put the check inside genl_family_rcv_msg_attrs_parse() v2: adjust also argument of genl_family_rcv_msg_attrs_free() Fixes: c10e6cf85e7d ("net: genetlink: push attrbuf allocation and parsing to a separate function") Signed-off-by: Michal Kubecek <mkubecek@...e.cz> --- net/netlink/genetlink.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index ecc2bd3e73e4..0522b2b1fd95 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -483,6 +483,9 @@ genl_family_rcv_msg_attrs_parse(const struct genl_family *family, struct nlattr **attrbuf; int err; + if (!family->maxattr) + return NULL; + if (parallel) { attrbuf = kmalloc_array(family->maxattr + 1, sizeof(struct nlattr *), GFP_KERNEL); @@ -582,9 +585,6 @@ static int genl_family_rcv_msg_dumpit(const struct genl_family *family, if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) return -EINVAL; - if (!family->maxattr) - goto no_attrs; - attrs = genl_family_rcv_msg_attrs_parse(family, nlh, extack, ops, hdrlen, GENL_DONT_VALIDATE_DUMP_STRICT, @@ -649,7 +649,6 @@ static int genl_family_rcv_msg_doit(const struct genl_family *family, attrbuf = genl_family_rcv_msg_attrs_parse(family, nlh, extack, ops, hdrlen, GENL_DONT_VALIDATE_STRICT, - family->maxattr && family->parallel_ops); if (IS_ERR(attrbuf)) return PTR_ERR(attrbuf); @@ -676,8 +675,7 @@ static int genl_family_rcv_msg_doit(const struct genl_family *family, family->post_doit(ops, skb, &info); out: - genl_family_rcv_msg_attrs_free(family, attrbuf, - family->maxattr && family->parallel_ops); + genl_family_rcv_msg_attrs_free(family, attrbuf, family->parallel_ops); return err; } -- 2.23.0
Powered by blists - more mailing lists