| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230801081117.GA53714@unreal> Date: Tue, 1 Aug 2023 11:11:17 +0300 From: Leon Romanovsky <leon@...nel.org> To: Jakub Kicinski <kuba@...nel.org> Cc: Lin Ma <linma@....edu.cn>, davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com, fw@...len.de, yang.lee@...ux.alibaba.com, jgg@...pe.ca, markzhang@...dia.com, phaddad@...dia.com, yuancan@...wei.com, ohartoov@...dia.com, chenzhongjin@...wei.com, aharonl@...dia.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org Subject: Re: [PATCH net v1 1/2] netlink: let len field used to parse type-not-care nested attrs On Mon, Jul 31, 2023 at 12:03:26PM -0700, Jakub Kicinski wrote: > On Mon, 31 Jul 2023 20:12:47 +0800 Lin Ma wrote: > > In short, the very direct idea to fix such lengh-check-forgotten bug is > > add nla_len() checks like > > > > if (nla_len(nla) < SOME_LEN) > > return -EINVAL; > > > > However, this is tedious and just like Leon said: add another layer of > > cabal knowledge. The better solution should leverage the nla_policy and > > discard nlattr whose length is invalid when doing parsing. That is, we > > should defined a nested_policy for the X above like > > Hard no. Putting array index into attr type is an advanced case and the > parsing code has to be able to deal with low level netlink details. Jakub, IMHO, you are lowering too much the separation line between simple vs. advanced use cases. I had no idea that my use-case of passing nested netlink array is counted as advanced usage. Thanks
Powered by blists - more mailing lists