| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Nov 2019 08:29:33 -0700
From: David Ahern <dsahern@...il.com>
To: Xin Long <lucien.xin@...il.com>
Cc: David Miller <davem@...emloft.net>,
network dev <netdev@...r.kernel.org>,
Simon Horman <simon.horman@...ronome.com>,
Jiri Benc <jbenc@...hat.com>, Thomas Graf <tgraf@...g.ch>,
William Tu <u9012063@...il.com>
Subject: Re: [PATCH net-next 0/5] lwtunnel: add ip and ip6 options setting and
dumping
On 11/8/19 7:08 AM, Xin Long wrote:
> On Fri, Nov 8, 2019 at 12:18 AM David Ahern <dsahern@...il.com> wrote:
>>
>> On 11/7/19 3:50 AM, Xin Long wrote:
>>> Now think about it again, nla_parse_nested() should always be used on
>>> new options, should I post a fix for it? since no code to access this
>>> from userspace yet.
>>
>> please do. All new options should use strict parsing from the beginning.
>> And you should be able to set LWTUNNEL_IP_OPT_GENEVE_UNSPEC to
>> .strict_start_type = LWTUNNEL_IP_OPT_GENEVE_UNSPEC + 1 in the policy so
>> that new command using new option on an old kernel throws an error.
> I'm not sure if strict_start_type is needed when using nla_parse_nested().
>
> .strict_start_type seems only checked in validate_nla():
>
> if (strict_start_type && type >= strict_start_type)
> validate |= NL_VALIDATE_STRICT; <------ [1]
>
> But in the path of:
> nla_parse_nested() ->
> __nla_parse() ->
> __nla_validate_parse() ->
> validate_nla()
>
> The param 'validate' is always NL_VALIDATE_STRICT, no matter Code [1] is
> triggered or not. or am I missing something here?
>
ok, I missed that.
Powered by blists - more mailing lists