Message ID | 20190117225300.8006-7-jakub.kicinski@netronome.com |
---|---|
State | Superseded |
Delegated to: | David Miller |
Series | net: use strict checks in doit handlers | expand |
Le 17/01/2019 à 23:52, Jakub Kicinski a écrit : > Make RTM_GETNSID's doit handler use strict checks when > NETLINK_F_STRICT_CHK is set. > > Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> > --- > CC: ktkhai@virtuozzo.com > CC: nicolas.dichtel@6wind.com > --- > net/core/net_namespace.c | 43 ++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 41 insertions(+), 2 deletions(-) > > diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c > index b02fb19df2cc..1b45e3ab2b65 100644 > --- a/net/core/net_namespace.c > +++ b/net/core/net_namespace.c > @@ -778,6 +778,46 @@ static int rtnl_net_fill(struct sk_buff *skb, struct net_fill_args *args) > return -EMSGSIZE; > } > > +static int rtnl_net_valid_getid_req(struct sk_buff *skb, > + const struct nlmsghdr *nlh, > + struct nlattr **tb, > + struct netlink_ext_ack *extack) > +{ > + int i, err; > + > + if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct rtgenmsg))) { This is not possible, the check is already done in rtnetlink_rcv_msg(). Regards, Nicolas
On Fri, 18 Jan 2019 09:17:46 +0100, Nicolas Dichtel wrote: > > +static int rtnl_net_valid_getid_req(struct sk_buff *skb, > > + const struct nlmsghdr *nlh, > > + struct nlattr **tb, > > + struct netlink_ext_ack *extack) > > +{ > > + int i, err; > > + > > + if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct rtgenmsg))) { > This is not possible, the check is already done in rtnetlink_rcv_msg(). Good point, thanks!
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index b02fb19df2cc..1b45e3ab2b65 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -778,6 +778,46 @@ static int rtnl_net_fill(struct sk_buff *skb, struct net_fill_args *args)
 return -EMSGSIZE;
 }
 
+static int rtnl_net_valid_getid_req(struct sk_buff *skb,
+ const struct nlmsghdr *nlh,
+ struct nlattr **tb,
+ struct netlink_ext_ack *extack)
+{
+ int i, err;
+
+ if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct rtgenmsg))) {
+ NL_SET_ERR_MSG(extack, "Invalid header for peer netns getid");
+ return -EINVAL;
+ }
+
+ if (!netlink_strict_get_check(skb))
+ return nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX,
+ rtnl_net_policy, extack);
+
+ err = nlmsg_parse_strict(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX,
+ rtnl_net_policy, extack);
+ if (err)
+ return err;
+
+ for (i = 0; i <= NETNSA_MAX; i++) {
+ if (!tb[i])
+ continue;
+
+ switch (i) {
+ case NETNSA_PID:
+ case NETNSA_FD:
+ case NETNSA_NSID:
+ case NETNSA_TARGET_NSID:
+ break;
+ default:
+ NL_SET_ERR_MSG(extack, "Unsupported attribute in peer netns getid request");
+ return -EINVAL;
+ }
+ }
+
+ return 0;
+}
+
 static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct netlink_ext_ack *extack)
 {
@@ -793,8 +833,7 @@ static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct sk_buff *msg;
 int err;
 
- err = nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX,
- rtnl_net_policy, extack);
+ err = rtnl_net_valid_getid_req(skb, nlh, tb, extack);
 if (err < 0)
 return err;
 if (tb[NETNSA_PID]) {
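Review bot: The strict-mode `switch` in rtnl_net_valid_getid_req() is an allow-list of request attributes, but nothing on the new side says so or ties it to what rtnl_net_getid() actually consumes (only the `tb[NETNSA_PID]` use is visible here). nlmsg_parse_strict() is already bounded by NETNSA_MAX, so if the four listed cases are every attribute currently defined (the enum is not shown on this page), the `default:` branch only starts rejecting input once a new NETNSA_* value is added. A comment above the loop would record that intent for whoever extends the enum, for example `/* Strict mode: accept only attributes rtnl_net_getid() acts on; new NETNSA_* values must be added here explicitly. */`. A smaller style point: the helper tests `if (err)` while the caller in the second hunk keeps `if (err < 0)`, and using one form in both places would make the 0-or-negative return contract easier to read.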
Make RTM_GETNSID's doit handler use strict checks when NETLINK_F_STRICT_CHK is set. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> --- CC: ktkhai@virtuozzo.com CC: nicolas.dichtel@6wind.com --- net/core/net_namespace.c | 43 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-)