| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Sep 2022 17:49:46 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org, edumazet@...gle.com,
pabeni@...hat.com, Johannes Berg <johannes@...solutions.net>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Nicolas Dichtel <nicolas.dichtel@...nd.com>,
Guillaume Nault <gnault@...hat.com>,
Florent Fourcot <florent.fourcot@...irst.fr>,
Florian Westphal <fw@...len.de>,
Jamal Hadi Salim <jhs@...atatu.com>,
Jacob Keller <jacob.e.keller@...el.com>,
Hangbin Liu <liuhangbin@...il.com>
Subject: Re: [PATCH net-next RESEND] genetlink: reject use of nlmsg_flags for
new commands
On Thu, Sep 29, 2022 at 08:06:50AM -0700, Jakub Kicinski wrote:
> On Thu, 29 Sep 2022 16:53:34 +0200 Pablo Neira Ayuso wrote:
> > > + flags = nlh->nlmsg_flags;
> > > + if ((flags & NLM_F_DUMP) == NLM_F_DUMP) /* DUMP is 2 bits */
> > > + flags &= ~NLM_F_DUMP;
> >
> > no bail out for incorrectly set NLM_F_DUMP flag?
>
> Incorrectly? Special handling is because we want to make sure both bits
> are set for DUMP, if they are not we'll not clear them here and the
> condition below will fire. Or do you mean some other incorrectness?
I have seen software in the past setting only one of the bits in the
NLM_F_DUMP bitmask to request a dump. I agree that userspace software
relying in broken semantics and that software should be fixed. What I
am discussing if silently clearing the 2 bits is the best approach.
Powered by blists - more mailing lists