| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 Oct 2020 08:37:01 +0200
From: Johannes Berg <johannes@...solutions.net>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Michal Kubecek <mkubecek@...e.cz>, davem@...emloft.net,
netdev@...r.kernel.org, kernel-team@...com, jiri@...nulli.us,
andrew@...n.ch, dsahern@...il.com, pablo@...filter.org
Subject: Re: [PATCH net-next 5/6] netlink: add mask validation
On Mon, 2020-10-05 at 15:21 -0700, Jakub Kicinski wrote:
> > > Nice, easy & useful, maybe I'll code it up tomorrow.
> >
> > OK I thought about it a bit more and looked at the code, and it's not
> > actually possible to do easily right now, because we can't actually
> > point to the bad attribute from the general lib/nlattr.c code ...
> >
> > Why? Because we don't know right now, e.g. for nla_validate(), where in
> > the message we started validation, i.e. the offset of the "head" inside
> > the particular message.
> >
> > For nlmsg_parse() and friends that's a bit easier, but it needs more
> > rejiggering than I'm willing to do tonight ;)
>
> I thought we'd record the const struct nla_policy *tp for the failing
> attr in struct netlink_ext_ack and output based on that.
We could, but it's a bit useless if you know "which" attribute caused
the issue, but you don't know where it was in the message? That way you
wouldn't know the nesting level etc.
I mean, we actually have that problem today - the generic lib/nlattr.c
policy violation doesn't tell you where exactly the problem occurred, so
it'd be good to fix that regardless.
johannes
Powered by blists - more mailing lists