lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Nov 2019 22:08:01 +0800 From: Xin Long <lucien.xin@...il.com> To: David Ahern <dsahern@...il.com> Cc: David Miller <davem@...emloft.net>, network dev <netdev@...r.kernel.org>, Simon Horman <simon.horman@...ronome.com>, Jiri Benc <jbenc@...hat.com>, Thomas Graf <tgraf@...g.ch>, William Tu <u9012063@...il.com> Subject: Re: [PATCH net-next 0/5] lwtunnel: add ip and ip6 options setting and dumping On Fri, Nov 8, 2019 at 12:18 AM David Ahern <dsahern@...il.com> wrote: > > On 11/7/19 3:50 AM, Xin Long wrote: > > Now think about it again, nla_parse_nested() should always be used on > > new options, should I post a fix for it? since no code to access this > > from userspace yet. > > please do. All new options should use strict parsing from the beginning. > And you should be able to set LWTUNNEL_IP_OPT_GENEVE_UNSPEC to > .strict_start_type = LWTUNNEL_IP_OPT_GENEVE_UNSPEC + 1 in the policy so > that new command using new option on an old kernel throws an error. I'm not sure if strict_start_type is needed when using nla_parse_nested(). .strict_start_type seems only checked in validate_nla(): if (strict_start_type && type >= strict_start_type) validate |= NL_VALIDATE_STRICT; <------ [1] But in the path of: nla_parse_nested() -> __nla_parse() -> __nla_validate_parse() -> validate_nla() The param 'validate' is always NL_VALIDATE_STRICT, no matter Code [1] is triggered or not. or am I missing something here?
Powered by blists - more mailing lists