lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <52e4619e-d018-4395-a94a-499ff7fd918d@fiberby.net>
Date: Thu, 30 Oct 2025 09:46:24 +0000
From: Asbjørn Sloth Tønnesen <ast@...erby.net>
To: "Jason A. Donenfeld" <Jason@...c4.com>,
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Cc: Donald Hunter <donald.hunter@...il.com>, Simon Horman <horms@...nel.org>,
 Jacob Keller <jacob.e.keller@...el.com>, Andrew Lunn
 <andrew+netdev@...n.ch>, wireguard@...ts.zx2c4.com, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v1 01/11] wireguard: netlink: validate nested
 arrays in policy

On 10/29/25 8:51 PM, Asbjørn Sloth Tønnesen wrote:
> diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
> index 67f962eb8b46d..9bc76e1bcba2d 100644
> --- a/drivers/net/wireguard/netlink.c
> +++ b/drivers/net/wireguard/netlink.c
> @@ -27,7 +27,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] = {
>   	[WGDEVICE_A_FLAGS]		= NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL),
>   	[WGDEVICE_A_LISTEN_PORT]	= { .type = NLA_U16 },
>   	[WGDEVICE_A_FWMARK]		= { .type = NLA_U32 },
> -	[WGDEVICE_A_PEERS]		= { .type = NLA_NESTED }
> +	[WGDEVICE_A_PEERS]		= NLA_POLICY_NESTED_ARRAY(peer_policy),
>   };
>   
>   static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
> @@ -39,7 +39,7 @@ static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
>   	[WGPEER_A_LAST_HANDSHAKE_TIME]			= NLA_POLICY_EXACT_LEN(sizeof(struct __kernel_timespec)),
>   	[WGPEER_A_RX_BYTES]				= { .type = NLA_U64 },
>   	[WGPEER_A_TX_BYTES]				= { .type = NLA_U64 },
> -	[WGPEER_A_ALLOWEDIPS]				= { .type = NLA_NESTED },
> +	[WGPEER_A_ALLOWEDIPS]				= NLA_POLICY_NESTED_ARRAY(allowedip_policy),
>   	[WGPEER_A_PROTOCOL_VERSION]			= { .type = NLA_U32 }
>   };

Oops, I messed this patch up.

I will add forward declarations in v2, which will be removed again once the policy code is generated,
as that will be less messy than reordering the policies.

-- 
pw-bot: changes-requested

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ