From patchwork Fri Jan 18 18:46:20 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jakub Kicinski <jakub.kicinski@netronome.com>
X-Patchwork-Id: 1027697
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=netronome.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=netronome-com.20150623.gappssmtp.com
	header.i=@netronome-com.20150623.gappssmtp.com
	header.b="2Rt/WV41"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 43h90P3wVxz9sCh
	for <patchwork-incoming-netdev@ozlabs.org>;
	Sat, 19 Jan 2019 05:47:01 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1729097AbfARSqu (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Fri, 18 Jan 2019 13:46:50 -0500
Received: from mail-qt1-f193.google.com ([209.85.160.193]:41753 "EHLO
	mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1729074AbfARSqq (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 18 Jan 2019 13:46:46 -0500
Received: by mail-qt1-f193.google.com with SMTP id l12so16297047qtf.8
	for <netdev@vger.kernel.org>; Fri, 18 Jan 2019 10:46:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=netronome-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=Wj7kiUKjc6+lve4hC6X8y94LwxFgGERig0+96m2NtnI=;
	b=2Rt/WV416W/Wu8I3mugs72Tz8WWCxqnh8CXXRF2CkxJFUksHxid+ppJlgFpLIVvlbL
	NabmwMpRHAXoa7U/4Bx22DRtUq71k+dHi6ffmgLem3qYZkNH0EzuHujdx/dmBbSIdpEy
	ZhQP1klU+E+cC8kXo87dK2Npx4LyD7AdYXKRCW5bTeybx9+0WiFrGWasf2Do+jUoLK4n
	MxZ0odAv5pmRJbKUX9qSL/QstWur1IcIC1wJ4l1ABASHp6jQjJWKjQ35KySLMdoe6if8
	mZ7MzFXPD/bVG77jZ9K3hYlMc/L54SHE3z4i6SvLZhTyTuIcasBZxSXWvlK/ULk4K7P7
	jmhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=Wj7kiUKjc6+lve4hC6X8y94LwxFgGERig0+96m2NtnI=;
	b=H9nFThnHos+YRtWj92QQ8z9O9l7eyv2l8ZMtdKKRu00bDeT/Fme2HwzmII561hc0eA
	I5E1mb3Sxre2bYTL+aLKUbKvhFLECnlIdr1x7YVPfNV+WsSr9BCfQQI9DYLQdQ68+Mtv
	E1vidS2PwL2TwAX2x6qZdNQYeJ1mUylPdUsW7ZeR+ksBMFyP12ZIznaxj6M7VaSREb+P
	rMHdXN+CfjdHYikQVi2iOqpslcWRQRIQqeiZkVuboLwl4+a4+Gu20pp9oKI99orJ3Ewi
	0HNXSG6nHw105Z51tR8u/4eav5rrDRF3WeMksipYsSM+7zr8kpjIhigLh09bXLGm0zBH
	YINw==
X-Gm-Message-State: AJcUukfRISV86pb5Co1Qqqpgw6z+TimNrNjglrWHnZFlozOQwcI5N/62
	Eg77n+DAw1jUg5dk+TNFfJj6xA==
X-Google-Smtp-Source: 
 ALg8bN41OmWNN/CN5PUdatiZphsZrObEGgneWlIYa24S/G9GF7gPc1IP0lUZikn3sjbQ2ru0vtVXAw==
X-Received: by 2002:a0c:d1f5:: with SMTP id
	k50mr16896743qvh.247.1547837205824;
	Fri, 18 Jan 2019 10:46:45 -0800 (PST)
Received: from jkicinski-Precision-T1700.netronome.com ([66.60.152.14])
	by smtp.gmail.com with ESMTPSA id
	l4sm12467794qtf.22.2019.01.18.10.46.44
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 18 Jan 2019 10:46:45 -0800 (PST)
From: Jakub Kicinski <jakub.kicinski@netronome.com>
To: davem@davemloft.net, dsahern@gmail.com
Cc: netdev@vger.kernel.org, oss-drivers@netronome.com,
	Jakub Kicinski <jakub.kicinski@netronome.com>
Subject: [PATCH net-next v2 08/14] net: ipv4: ipmr: perform strict checks
	also for doit handlers
Date: Fri, 18 Jan 2019 10:46:20 -0800
Message-Id: <20190118184626.24021-9-jakub.kicinski@netronome.com>
X-Mailer: git-send-email 2.19.2
In-Reply-To: <20190118184626.24021-1-jakub.kicinski@netronome.com>
References: <20190118184626.24021-1-jakub.kicinski@netronome.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Make RTM_GETROUTE's doit handler use strict checks when
NETLINK_F_STRICT_CHK is set.

v2: - improve extack messages (DaveA).

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
---
 net/ipv4/ipmr.c | 61 +++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 56 insertions(+), 5 deletions(-)

diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index ddbf8c9a1abb..fb99002c3d4e 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -2467,6 +2467,61 @@ static void igmpmsg_netlink_event(struct mr_table *mrt, struct sk_buff *pkt)
 	rtnl_set_sk_err(net, RTNLGRP_IPV4_MROUTE_R, -ENOBUFS);
 }
 
+static int ipmr_rtm_valid_getroute_req(struct sk_buff *skb,
+				       const struct nlmsghdr *nlh,
+				       struct nlattr **tb,
+				       struct netlink_ext_ack *extack)
+{
+	struct rtmsg *rtm;
+	int i, err;
+
+	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
+		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for multicast route get request");
+		return -EINVAL;
+	}
+
+	if (!netlink_strict_get_check(skb))
+		return nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX,
+				   rtm_ipv4_policy, extack);
+
+	rtm = nlmsg_data(nlh);
+	if ((rtm->rtm_src_len && rtm->rtm_src_len != 32) ||
+	    (rtm->rtm_dst_len && rtm->rtm_dst_len != 32) ||
+	    rtm->rtm_tos || rtm->rtm_table || rtm->rtm_protocol ||
+	    rtm->rtm_scope || rtm->rtm_type || rtm->rtm_flags) {
+		NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for multicast route get request");
+		return -EINVAL;
+	}
+
+	err = nlmsg_parse_strict(nlh, sizeof(*rtm), tb, RTA_MAX,
+				 rtm_ipv4_policy, extack);
+	if (err)
+		return err;
+
+	if ((tb[RTA_SRC] && !rtm->rtm_src_len) ||
+	    (tb[RTA_DST] && !rtm->rtm_dst_len)) {
+		NL_SET_ERR_MSG(extack, "ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4");
+		return -EINVAL;
+	}
+
+	for (i = 0; i <= RTA_MAX; i++) {
+		if (!tb[i])
+			continue;
+
+		switch (i) {
+		case RTA_SRC:
+		case RTA_DST:
+		case RTA_TABLE:
+			break;
+		default:
+			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in multicast route get request");
+			return -EINVAL;
+		}
+	}
+
+	return 0;
+}
+
 static int ipmr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
 			     struct netlink_ext_ack *extack)
 {
@@ -2475,18 +2530,14 @@ static int ipmr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
 	struct sk_buff *skb = NULL;
 	struct mfc_cache *cache;
 	struct mr_table *mrt;
-	struct rtmsg *rtm;
 	__be32 src, grp;
 	u32 tableid;
 	int err;
 
-	err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX,
-			  rtm_ipv4_policy, extack);
+	err = ipmr_rtm_valid_getroute_req(in_skb, nlh, tb, extack);
 	if (err < 0)
 		goto errout;
 
-	rtm = nlmsg_data(nlh);
-
 	src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0;
 	grp = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
 	tableid = tb[RTA_TABLE] ? nla_get_u32(tb[RTA_TABLE]) : 0;