| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <faf336e3ba515d41211910f3d8d207e693434cb9.camel@sipsolutions.net>
Date: Wed, 29 Apr 2020 21:21:15 +0200
From: Johannes Berg <johannes@...solutions.net>
To: Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org, Antonio Quartulli <ordex@...istici.org>,
linux-wireless@...r.kernel.org
Subject: Re: [PATCH 4/7] netlink: extend policy range validation
On Wed, 2020-04-29 at 11:10 -0700, Jakub Kicinski wrote:
> > +static int nla_validate_int_range_unsigned(const struct nla_policy *pt,
> > + const struct nlattr *nla,
> > + struct netlink_ext_ack *extack)
> > {
> > - bool validate_min, validate_max;
> > - s64 value;
> > + struct netlink_range_validation _range = {
> > + .min = 0,
> > + .max = U64_MAX,
> > + }, *range = &_range;
> > + u64 value;
> >
> > - validate_min = pt->validation_type == NLA_VALIDATE_RANGE ||
> > - pt->validation_type == NLA_VALIDATE_MIN;
> > - validate_max = pt->validation_type == NLA_VALIDATE_RANGE ||
> > - pt->validation_type == NLA_VALIDATE_MAX;
> > + WARN_ON_ONCE(pt->min < 0 || pt->max < 0);
>
> I'm probably missing something, but in case of NLA_VALIDATE_RANGE_PTR
> aren't min and max invalid (union has the range pointer set, so this
> will read 2 bytes of the pointer).
No, you're right of course. It's reading 4 bytes, actually, they're both
s16. Which I did because that's the maximum range that doesn't increase
the size on 32-bit.
I could move it into the switch, but, hm.. the unused ones (min/max if
only one is used) should be 0, so I guess just
WARN_ON_ONCE(pt->validation_type != NLA_VALIDATE_RANGE_PTR &&
(pt->min < 0 || pt->max < 0));
will be fine.
Thanks!
johannes
Powered by blists - more mailing lists