lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 18 Aug 2020 10:15:58 +0200
From:   Johannes Berg <>
To:     "" <>
Subject: Re: [PATCH 3/3] netlink: make NLA_BINARY validation more flexible

> +       if (pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG &&
> +           pt->type == NLA_BINARY && value > range.max) {
> +               pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n",
> +                                   current->comm, pt->type);
> +               if (validate & NL_VALIDATE_STRICT_ATTRS) {
> +                       NL_SET_ERR_MSG_ATTR(extack, nla,
> +                                           "invalid attribute length");
> +                       return -EINVAL;
> +               }
> +
> +               /* this assumes min < max (don't validate against min) */
> +               return 0;

This (return 0) is the only change since the RFC - otherwise we hit the
error return a few lines later, obviously.

I decided that min > max was nonsense and we don't really need to
validate that the attribute is >=min when it was >max already.

Though in theory, of course, somebody could specify such nonsense, I
just don't think it's reasonable. It's also very difficult to use
because we only have the NLA_POLICY_EXACT_LEN_WARN() macro using this,
so specifying min/max *and* NLA_VALIDATE_RANGE_WARN_TOO_LONG would take
some special dedication ...

Now that I read this again though of course I see that the comment is
wrong, it needs to of course say "min <= max". I'll send v2...


Powered by blists - more mailing lists