[lnf-queue] nlmsg: add lacking attributes validation

Message ID	20150911015452.GA6310@gmail.com
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> Date: Fri, 11 Sep 2015 10:54:53 +0900 From: Ken-ichirou MATSUZAWA <chamaken@gmail.com> To: The netfilter developer mailinglist <netfilter-devel@vger.kernel.org> Subject: [lnf-queue PATCH] nlmsg: add lacking attributes validation Message-ID: <20150911015452.GA6310@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk

Message ID

20150911015452.GA6310@gmail.com

State

Accepted

Delegated to:

Pablo Neira

Headers

Date: Fri, 11 Sep 2015 10:54:53 +0900
From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
To: The netfilter developer mailinglist 
	<netfilter-devel@vger.kernel.org>
Subject: [lnf-queue PATCH] nlmsg: add lacking attributes validation
Message-ID: <20150911015452.GA6310@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

This patch adds four (actually two) attributes validation with comparing to current kernel header. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> --- src/nlmsg.c | 9 +++++++++ 1 file changed, 9 insertions(+)

Comments

Pablo Neira Ayuso Oct. 5, 2015, 3:36 p.m. UTC | #1

On Fri, Sep 11, 2015 at 10:54:53AM +0900, Ken-ichirou MATSUZAWA wrote:
> This patch adds four (actually two) attributes validation with
> comparing to current kernel header.

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/src/nlmsg.c b/src/nlmsg.c
index cabd8be..ba28c77 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -140,6 +140,7 @@  static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 	case NFQA_SECCTX:
 	case NFQA_UID:
 	case NFQA_GID:
+	case NFQA_CT_INFO:
 		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
 			return MNL_CB_ERROR;
 		break;
@@ -155,7 +156,15 @@  static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 			return MNL_CB_ERROR;
 		}
 		break;
+	case NFQA_PACKET_HDR:
+		if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
+		    sizeof(struct nfqnl_msg_packet_hdr)) < 0) {
+			return MNL_CB_ERROR;
+		}
+		break;
 	case NFQA_PAYLOAD:
+	case NFQA_CT:
+	case NFQA_EXP:
 		break;
 	}
 	tb[type] = attr;

[lnf-queue] nlmsg: add lacking attributes validation

Commit Message

Comments

Patch