| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Feb 2021 17:50:58 +0100
From: Sabrina Dubroca <sd@...asysnail.net>
To: netdev@...r.kernel.org
Cc: dsahern@...il.com, stephen@...workplumber.org,
Sabrina Dubroca <sd@...asysnail.net>,
Paul Wouters <pwouters@...hat.com>
Subject: [PATCH iproute2] ip: xfrm: add NUL character to security context name before printing
Security context names are not guaranteed to be NUL-terminated by the
kernel, so we can't just print them using %s directly. The length of
the string is capped by the size of the netlink attribute (u16), so it
will always fit within 65535 bytes.
While at it, factor that out to a separate function, since the exact
same code is used to print the security context for both policies and
states.
Fixes: b2bb289a57fe ("xfrm security context support")
Reported-by: Paul Wouters <pwouters@...hat.com>
Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>
---
ip/ipxfrm.c | 46 ++++++++++++++++++++--------------------------
1 file changed, 20 insertions(+), 26 deletions(-)
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index e4a72bd06778..3fc0e13ef112 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -916,6 +916,22 @@ static int xfrm_selector_iszero(struct xfrm_selector *s)
return (memcmp(&s0, s, sizeof(s0)) == 0);
}
+static void xfrm_sec_ctx_print(FILE *fp, struct rtattr *attr)
+{
+ struct xfrm_user_sec_ctx *sctx;
+ char buf[65536] = {};
+
+ fprintf(fp, "\tsecurity context ");
+
+ if (RTA_PAYLOAD(attr) < sizeof(*sctx))
+ fprintf(fp, "(ERROR truncated)");
+
+ sctx = RTA_DATA(attr);
+
+ memcpy(buf, (char *)(sctx + 1), sctx->ctx_len);
+ fprintf(fp, "%s %s", buf, _SL_);
+}
+
void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title, bool nokeys)
@@ -983,19 +999,8 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
xfrm_stats_print(&xsinfo->stats, fp, buf);
}
- if (tb[XFRMA_SEC_CTX]) {
- struct xfrm_user_sec_ctx *sctx;
-
- fprintf(fp, "\tsecurity context ");
-
- if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
- fprintf(fp, "(ERROR truncated)");
-
- sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
-
- fprintf(fp, "%s %s", (char *)(sctx + 1), _SL_);
- }
-
+ if (tb[XFRMA_SEC_CTX])
+ xfrm_sec_ctx_print(fp, tb[XFRMA_SEC_CTX]);
}
void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
@@ -1006,19 +1011,8 @@ void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
xfrm_selector_print(&xpinfo->sel, preferred_family, fp, title);
- if (tb[XFRMA_SEC_CTX]) {
- struct xfrm_user_sec_ctx *sctx;
-
- fprintf(fp, "\tsecurity context ");
-
- if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
- fprintf(fp, "(ERROR truncated)");
-
- sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
-
- fprintf(fp, "%s ", (char *)(sctx + 1));
- fprintf(fp, "%s", _SL_);
- }
+ if (tb[XFRMA_SEC_CTX])
+ xfrm_sec_ctx_print(fp, tb[XFRMA_SEC_CTX]);
if (prefix)
strlcat(buf, prefix, sizeof(buf));
--
2.30.1
Powered by blists - more mailing lists