From patchwork Fri Sep 11 01:54:53 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ken-ichirou MATSUZAWA X-Patchwork-Id: 516528 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id CF459140180 for ; Fri, 11 Sep 2015 11:55:17 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b=EXq5HYyS; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750973AbbIKBy7 (ORCPT ); Thu, 10 Sep 2015 21:54:59 -0400 Received: from mail-pa0-f42.google.com ([209.85.220.42]:33264 "EHLO mail-pa0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750827AbbIKBy6 (ORCPT ); Thu, 10 Sep 2015 21:54:58 -0400 Received: by pacex6 with SMTP id ex6so59571848pac.0 for ; Thu, 10 Sep 2015 18:54:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:mime-version:content-type :content-disposition:user-agent; bh=RRBAkj774dac8nP2CdzCI3iiHIFrZxJhrWq30/WFBys=; b=EXq5HYySjB7C8eiFpmYLMn4iY2S1OuKMoDVrhYXZPZrKtSs/8ZeoquLr4fNwnfSKhO XI4oymUR/dWLq/+gf3hvqUllCR625lzyuzPnwvvptjKTEQklQSIFnKAKRWsx6v8B7aGj mTu8QCq6AtF4wjIub5EEfzOe0v0OdCrO1txGquagP4TycSqYtekTaQA+5dfPzi95qVwx uwjJkIkF1HFB/SRu1D61gyRmJKSdmAsqXKeRmkCrv3MfuOj0t8kxnba0gMBjcXUwaCwY +nULiIA3dboN5/8FgkLhEXYnBRnsOqhIdgBFlX2obP5C72irfA/acdSLF4ZJhiM7wZpl e6Zg== X-Received: by 10.66.136.102 with SMTP id pz6mr80476198pab.52.1441936497864; Thu, 10 Sep 2015 18:54:57 -0700 (PDT) Received: from gmail.com (softbank220009032004.bbtec.net. [220.9.32.4]) by smtp.gmail.com with ESMTPSA id xm9sm14417852pbc.32.2015.09.10.18.54.56 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 10 Sep 2015 18:54:57 -0700 (PDT) Date: Fri, 11 Sep 2015 10:54:53 +0900 From: Ken-ichirou MATSUZAWA To: The netfilter developer mailinglist Subject: [lnf-queue PATCH] nlmsg: add lacking attributes validation Message-ID: <20150911015452.GA6310@gmail.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch adds four (actually two) attributes validation with comparing to current kernel header. Signed-off-by: Ken-ichirou MATSUZAWA --- src/nlmsg.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/nlmsg.c b/src/nlmsg.c index cabd8be..ba28c77 100644 --- a/src/nlmsg.c +++ b/src/nlmsg.c @@ -140,6 +140,7 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) case NFQA_SECCTX: case NFQA_UID: case NFQA_GID: + case NFQA_CT_INFO: if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) return MNL_CB_ERROR; break; @@ -155,7 +156,15 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) return MNL_CB_ERROR; } break; + case NFQA_PACKET_HDR: + if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC, + sizeof(struct nfqnl_msg_packet_hdr)) < 0) { + return MNL_CB_ERROR; + } + break; case NFQA_PAYLOAD: + case NFQA_CT: + case NFQA_EXP: break; } tb[type] = attr;