lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 29 Sep 2022 08:06:50 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     davem@...emloft.net, netdev@...r.kernel.org, edumazet@...gle.com,
        pabeni@...hat.com, Johannes Berg <johannes@...solutions.net>,
        Nikolay Aleksandrov <razor@...ckwall.org>,
        Nicolas Dichtel <nicolas.dichtel@...nd.com>,
        Guillaume Nault <gnault@...hat.com>,
        Florent Fourcot <florent.fourcot@...irst.fr>,
        Florian Westphal <fw@...len.de>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Jacob Keller <jacob.e.keller@...el.com>,
        Hangbin Liu <liuhangbin@...il.com>
Subject: Re: [PATCH net-next RESEND] genetlink: reject use of nlmsg_flags
 for new commands

On Thu, 29 Sep 2022 16:53:34 +0200 Pablo Neira Ayuso wrote:
> > +	flags = nlh->nlmsg_flags;
> > +	if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */
> > +		flags &= ~NLM_F_DUMP;  
> 
> no bail out for incorrectly set NLM_F_DUMP flag?

Incorrectly? Special handling is because we want to make sure both bits
are set for DUMP, if they are not we'll not clear them here and the
condition below will fire. Or do you mean some other incorrectness?

> > +	if (flags & ~(NLM_F_REQUEST | NLM_F_ACK | NLM_F_ECHO)) {
> > +		NL_SET_ERR_MSG(extack,
> > +			       "ambiguous or reserved bits set in nlmsg_flags");
> > +		return -EINVAL;  
> 
> While adding new netlink flags is a very rare event, this is going to
> make it harder to add new flags to be added in the future, else
> userspace has to probe for supported flags first.

The only difference in terms of probing is whether the unsupported
case silently ignores the flag or reports a clear error. So I think
I'm only making things better there.

> Regarding error reporting - even if error reporting in netlink is also
> not consistent accross subsystems - I think EINVAL should be used for
> malformed netlink messages, eg. a message that is missing a mandatory
> attribute.
> 
> EOPNOTSUPP might be a better pick?

All current "reserved bits" checking I know of return -EINVAL 
(the strict checks in the ip stack and policy based checks).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ