From patchwork Tue Dec 5 19:55:40 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 844902 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="NjOlqPXg"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yrstj6qlRz9t3r for ; Wed, 6 Dec 2017 06:55:57 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752018AbdLETz5 (ORCPT ); Tue, 5 Dec 2017 14:55:57 -0500 Received: from mail-pf0-f195.google.com ([209.85.192.195]:38763 "EHLO mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751904AbdLETzr (ORCPT ); Tue, 5 Dec 2017 14:55:47 -0500 Received: by mail-pf0-f195.google.com with SMTP id u25so946615pfg.5 for ; Tue, 05 Dec 2017 11:55:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=BW2LtbC+iUTxYpmvnY3uodFGqvg7tl59MHKdJ0RFlHo=; b=NjOlqPXguZTVW5S39++neu7NSIOBW9OXP+E28O5CXNSUceCAe9InJLMbOPo7GhlljR zARSLop9QOL/ePA8mN6HgHhATd0qLXQyVkledrB1lz/NKNjbZyNC7mlkjLRh25x1JhMr u4etrjBvzjJ5hzYFIh+nxjxqA7PND3ECfaVRIIL0700B1IuS+9AdaHWHBakH3wLYVZ8D 9D5l6Z53ZmqpEJ7bYZeOiWI0jdLGIOzsVi8AApd2H0W9GHN8kcHizPD19bPjbsANTaay wNcV1G64vBrVJxfDbmWYAeG0M2o5qNMBC81G9EijOpfTZ4pqpkCwKyRanfTmRkhkygVN jeRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=BW2LtbC+iUTxYpmvnY3uodFGqvg7tl59MHKdJ0RFlHo=; b=dpHHL1cA2sNXkNRlrHCxuGTUgsr2sT/A5XjmEo5DJdvWcIaTOVr2x+LI+R+HA5jv0l Gbwn7t7PMc+QY8SO9UpozJy+UNzdbzlulgbYW89wdkbm+/jv3MXrNl97zgwXoAEOc3Ql 7lyDCxi6H8BVIQjzuloje/uaXAWOdOSLG2wzcQgmnyQnOIa1S4nBY+T7qk9LXiJqB55j yF0VGCJ4Sy5rwLZqmX61DDZ/SU2haog9mWYO1oSSD06QaVS8tnEf32f3wLJRy9IFmg3I CB7wFKIcWNZgvGFv8ldqj84TcsrRzy/0b05jxWEd3Po1tGcXO3xd1DsRrWNfB/oe7lSy lcLg== X-Gm-Message-State: AJaThX7K/JgTBFaPJhrbejAqoincN/wt5Upqw4EqNK2HhsH05kZ6mH66 0taZk6CT0Wf5rTKIwWzyWQwSvA== X-Google-Smtp-Source: AGs4zMaNDtUnC5/xuhcirNOQpnCPpPwescjdCyL0wHJyxVibNU4k7ycB7rC4j/TQsd87ShcN45oZ2w== X-Received: by 10.84.128.78 with SMTP id 72mr19047855pla.96.1512503746680; Tue, 05 Dec 2017 11:55:46 -0800 (PST) Received: from localhost.localdomain ([216.129.126.118]) by smtp.gmail.com with ESMTPSA id v43sm1142961pgn.65.2017.12.05.11.55.44 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 05 Dec 2017 11:55:44 -0800 (PST) From: David Ahern To: netdev@vger.kernel.org Cc: David Ahern Subject: [PATCH net] netlink: Relax attr validation for fixed length types Date: Tue, 5 Dec 2017 12:55:40 -0700 Message-Id: <20171205195540.41822-1-dsahern@gmail.com> X-Mailer: git-send-email 2.13.6 (Apple Git-96) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Commit 28033ae4e0f5 ("net: netlink: Update attr validation to require exact length for some types") requires attributes using types NLA_U* and NLA_S* to have an exact length. This change is exposing bugs in various userspace commands that are sending attributes with an invalid length (e.g., attribute has type NLA_U8 and userspace sends NLA_U32). While the commands are clearly broken and need to be fixed, users are arguing that the sudden change in enforcement is breaking older commands on newer kernels for use cases that otherwise "worked". Relax the validation to print a warning mesage similar to what is done for messages containing extra bytes after parsing. Fixes: 28033ae4e0f5 ("net: netlink: Update attr validation to require exact length for some types") Signed-off-by: David Ahern Reviewed-by: Johannes Berg --- lib/nlattr.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/nlattr.c b/lib/nlattr.c index 8bf78b4b78f0..6122662906c8 100644 --- a/lib/nlattr.c +++ b/lib/nlattr.c @@ -28,8 +28,16 @@ static const u8 nla_attr_len[NLA_TYPE_MAX+1] = { }; static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = { + [NLA_U8] = sizeof(u8), + [NLA_U16] = sizeof(u16), + [NLA_U32] = sizeof(u32), + [NLA_U64] = sizeof(u64), [NLA_MSECS] = sizeof(u64), [NLA_NESTED] = NLA_HDRLEN, + [NLA_S8] = sizeof(s8), + [NLA_S16] = sizeof(s16), + [NLA_S32] = sizeof(s32), + [NLA_S64] = sizeof(s64), }; static int validate_nla_bitfield32(const struct nlattr *nla, @@ -70,10 +78,9 @@ static int validate_nla(const struct nlattr *nla, int maxtype, BUG_ON(pt->type > NLA_TYPE_MAX); /* for data types NLA_U* and NLA_S* require exact length */ - if (nla_attr_len[pt->type]) { - if (attrlen != nla_attr_len[pt->type]) - return -ERANGE; - return 0; + if (nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) { + pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n", + current->comm, type); } switch (pt->type) {