lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z/awKFETLHDwN6dE@pop-os.localdomain>
Date: Wed, 9 Apr 2025 10:36:40 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Toke Høiland-Jørgensen <toke@...hat.com>
Cc: Jamal Hadi Salim <jhs@...atatu.com>, Jiri Pirko <jiri@...nulli.us>,
	Ilya Maximets <i.maximets@...hat.com>,
	Frode Nordahl <frode.nordahl@...onical.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH net] tc: Ensure we have enough buffer space when sending
 filter netlink notifications

On Mon, Apr 07, 2025 at 12:55:34PM +0200, Toke Høiland-Jørgensen wrote:
> +static struct sk_buff *tfilter_notify_prep(struct net *net,
> +					   struct sk_buff *oskb,
> +					   struct nlmsghdr *n,
> +					   struct tcf_proto *tp,
> +					   struct tcf_block *block,
> +					   struct Qdisc *q, u32 parent,
> +					   void *fh, int event,
> +					   u32 portid, bool rtnl_held,
> +					   struct netlink_ext_ack *extack)
> +{
> +	unsigned int size = oskb ? max(NLMSG_GOODSIZE, oskb->len) : NLMSG_GOODSIZE;
> +	struct sk_buff *skb;
> +	int ret;
> +
> +retry:
> +	skb = alloc_skb(size, GFP_KERNEL);
> +	if (!skb)
> +		return ERR_PTR(-ENOBUFS);
> +
> +	ret = tcf_fill_node(net, skb, tp, block, q, parent, fh, portid,
> +			    n->nlmsg_seq, n->nlmsg_flags, event, false,
> +			    rtnl_held, extack);
> +	if (ret <= 0) {
> +		kfree_skb(skb);
> +		if (ret == -EMSGSIZE) {
> +			size += NLMSG_GOODSIZE;
> +			goto retry;

It is a bit concerning to see this technically unbound loop.

> +		}
> +		return ERR_PTR(-EINVAL);

I think you probably want to propagate the error code from
tcf_fill_node() here.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ