| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADvbK_dDVJs23x9Y-x3TNBRhoU6pQ5xH51B_nn0SuSws+C5QRA@mail.gmail.com>
Date: Fri, 8 Nov 2019 22:08:01 +0800
From: Xin Long <lucien.xin@...il.com>
To: David Ahern <dsahern@...il.com>
Cc: David Miller <davem@...emloft.net>,
network dev <netdev@...r.kernel.org>,
Simon Horman <simon.horman@...ronome.com>,
Jiri Benc <jbenc@...hat.com>, Thomas Graf <tgraf@...g.ch>,
William Tu <u9012063@...il.com>
Subject: Re: [PATCH net-next 0/5] lwtunnel: add ip and ip6 options setting and dumping
On Fri, Nov 8, 2019 at 12:18 AM David Ahern <dsahern@...il.com> wrote:
>
> On 11/7/19 3:50 AM, Xin Long wrote:
> > Now think about it again, nla_parse_nested() should always be used on
> > new options, should I post a fix for it? since no code to access this
> > from userspace yet.
>
> please do. All new options should use strict parsing from the beginning.
> And you should be able to set LWTUNNEL_IP_OPT_GENEVE_UNSPEC to
> .strict_start_type = LWTUNNEL_IP_OPT_GENEVE_UNSPEC + 1 in the policy so
> that new command using new option on an old kernel throws an error.
I'm not sure if strict_start_type is needed when using nla_parse_nested().
.strict_start_type seems only checked in validate_nla():
if (strict_start_type && type >= strict_start_type)
validate |= NL_VALIDATE_STRICT; <------ [1]
But in the path of:
nla_parse_nested() ->
__nla_parse() ->
__nla_validate_parse() ->
validate_nla()
The param 'validate' is always NL_VALIDATE_STRICT, no matter Code [1] is
triggered or not. or am I missing something here?
Powered by blists - more mailing lists