From patchwork Fri Jan 18 18:46:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1027698 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="GB08ubGg"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43h90Q5Y0lz9sD9 for ; Sat, 19 Jan 2019 05:47:02 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729090AbfARSqt (ORCPT ); Fri, 18 Jan 2019 13:46:49 -0500 Received: from mail-qt1-f195.google.com ([209.85.160.195]:40059 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728728AbfARSqs (ORCPT ); Fri, 18 Jan 2019 13:46:48 -0500 Received: by mail-qt1-f195.google.com with SMTP id k12so16305482qtf.7 for ; Fri, 18 Jan 2019 10:46:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=awJb6YklO/SDPR0Wl0jLhdD9Seiq0DG7LHdyNrk1nx8=; b=GB08ubGg50rgGG65QvkDKdQ9AhRFJ3DIU8V7xRDNLpUtcc7WjUuMjVDJuHiEQx16gf hJtlEd9T9M9TIW8V8DJgnhkZ8TDmTZk38K52L7JwcjD4CG+5Odh8ZxpGlopskWI2tZ53 dC3iXWQoMwTtTnEF9AF+NwU0VZ2JM+jr8cIyE5JOsOGmZTJui4ztlDoK7fPJ5Qdi5XdH NyyYGnUmdB3tEqG6/CA10IioXob6u3R9h4YFYp46wet34F7xGzD8jFk0pAFa+QaL7uXb Kv+T4q0+li2sR4K2C5IRIZgObMg8wU2jGDc0vgNKzlcE/VKV2NFqd7F8r0Rm6VpXmw49 eAVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=awJb6YklO/SDPR0Wl0jLhdD9Seiq0DG7LHdyNrk1nx8=; b=WXIBvm8dw18TE49sVTPa51X70btCSb15UHHUqX2OkgpUd1Uq270+5nOJpbKsPVnivd GPK/R3AZ6syG+F07pMkFIRrKYD1nfGY99rgqcS5H0UvQGVADlPTZhMn+74oWRV6E8iPo K/LVNVPW2mJrF2FUjzMv6DZgiwXnQhvydSNDMph2K4p9pmBrfRNrBqnQ8eKgVZRIoBR5 ml+y+3SUflFguxCAYiRFBGLHU33eetlHfKHYf8+vOFuzQxWfAjLZsAoHyNOfYUQT1Bp7 OitCdST1EYGVAFFfuRd0z/JisMB4EPahtBxtVVgFNstGscb3le9UVcTOBNcCoyEvECA6 Uuzw== X-Gm-Message-State: AJcUukfBSSiKIKBoi3hVr54/LwJE9/rUWsGn0Yv05BM/wNzsba6U7Sna 8GxMzs+gvb4bElLfROmf82lKQg== X-Google-Smtp-Source: ALg8bN4BWCm+Sb+Bl9n0U4JqTj6HgJNKDojemLSHD6dHgPUOmcja0Xqa73fXLyexHmKn/u+nVFmuUA== X-Received: by 2002:a0c:cb85:: with SMTP id p5mr16640484qvk.162.1547837207099; Fri, 18 Jan 2019 10:46:47 -0800 (PST) Received: from jkicinski-Precision-T1700.netronome.com ([66.60.152.14]) by smtp.gmail.com with ESMTPSA id l4sm12467794qtf.22.2019.01.18.10.46.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Jan 2019 10:46:46 -0800 (PST) From: Jakub Kicinski To: davem@davemloft.net, dsahern@gmail.com Cc: netdev@vger.kernel.org, oss-drivers@netronome.com, Jakub Kicinski Subject: [PATCH net-next v2 09/14] net: ipv6: addr: perform strict checks also for doit handlers Date: Fri, 18 Jan 2019 10:46:21 -0800 Message-Id: <20190118184626.24021-10-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20190118184626.24021-1-jakub.kicinski@netronome.com> References: <20190118184626.24021-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Make RTM_GETADDR's doit handler use strict checks when NETLINK_F_STRICT_CHK is set. Signed-off-by: Jakub Kicinski --- net/ipv6/addrconf.c | 49 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 93d5ad2b1a69..339a82cfe5f2 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -5179,6 +5179,52 @@ static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) return inet6_dump_addr(skb, cb, type); } +static int inet6_rtm_valid_getaddr_req(struct sk_buff *skb, + const struct nlmsghdr *nlh, + struct nlattr **tb, + struct netlink_ext_ack *extack) +{ + struct ifaddrmsg *ifm; + int i, err; + + if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) { + NL_SET_ERR_MSG_MOD(extack, "Invalid header for get address request"); + return -EINVAL; + } + + ifm = nlmsg_data(nlh); + if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) { + NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for get address request"); + return -EINVAL; + } + + if (!netlink_strict_get_check(skb)) + return nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, + ifa_ipv6_policy, extack); + + err = nlmsg_parse_strict(nlh, sizeof(*ifm), tb, IFA_MAX, + ifa_ipv6_policy, extack); + if (err) + return err; + + for (i = 0; i <= IFA_MAX; i++) { + if (!tb[i]) + continue; + + switch (i) { + case IFA_TARGET_NETNSID: + case IFA_ADDRESS: + case IFA_LOCAL: + break; + default: + NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in get address request"); + return -EINVAL; + } + } + + return 0; +} + static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, struct netlink_ext_ack *extack) { @@ -5199,8 +5245,7 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, struct sk_buff *skb; int err; - err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy, - extack); + err = inet6_rtm_valid_getaddr_req(in_skb, nlh, tb, extack); if (err < 0) return err;