From patchwork Fri Jan 18 18:46:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1027696 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="UlIfCZSs"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43h90M2wy7z9sD9 for ; Sat, 19 Jan 2019 05:46:59 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729181AbfARSq5 (ORCPT ); Fri, 18 Jan 2019 13:46:57 -0500 Received: from mail-qk1-f193.google.com ([209.85.222.193]:36375 "EHLO mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729113AbfARSqz (ORCPT ); Fri, 18 Jan 2019 13:46:55 -0500 Received: by mail-qk1-f193.google.com with SMTP id o125so8632322qkf.3 for ; Fri, 18 Jan 2019 10:46:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SsT2SiiLGRSEqY9PhSWVIUlwcDWglkItOMLQA8zPuTo=; b=UlIfCZSsPIbyfjCj9BKA63jwpnKiqL5TSNTk1LYwb4WYT7QsFOPMMqjiOS5MgSjAdf 2c5+BFshK+eVWArA920QoXxztcLZaLJKCxROacXfXm9lSGCKQsl/TWw9Eebe65ENyr9B DgOY65ir5r1Rv6EqTdnBR6pRSpygUDgRrjiQuDijQZvuD/8ZzXdUEJbDwFrwO2e7pAmL qhOjnJGDPJrg7rop9aymk3QjvKBrkTW4lBDV4UqlSfQG1G9Emdq819m+TymxHkJiO8T3 ibpb9cp2obbGh+RuXFoN3fKpsaKW3UYggIip1VDucDRfFT+sMuQffWH1u7FtgYBk1Urk HTHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SsT2SiiLGRSEqY9PhSWVIUlwcDWglkItOMLQA8zPuTo=; b=IwuLlvahLM6R0378btgcSxWP/pAr53+Y7qwHDU8Soti/pigTKy4rZSL1tIMRZZUxoe FufR0+7Vd1apgYZuEe8W55Jw6Hu30R3mpICrgnPV5pNVNP88YHNO5sTnXPzt5h7RLMpU KzDyh08H7O8z/NPCUtP6DNyYj2v1IIx7awWAVKgnpt3kYh2D8iNJo4JTUBSxnkxgYZkB osLzElyMVp1VYl8TTBPgimjweeeROtIYySAwNtlD0WR5n1ZyCljr9oAst7g0SaubKCH/ aq8mZDVLUn3y04ssWwbqsIZ2mFa51RzEhodkrTpMv4lSW0s3F02hCV2yTt+QS20zBEuI O1pw== X-Gm-Message-State: AJcUukfHZhRUddI2n/Lda/bVyqFHYOT5sksmjzAgfWObwOXJh1UoLPuU owMNz4emnFg74cgzS/aW0Bgyig== X-Google-Smtp-Source: ALg8bN5znwe39hH2cHRSW71iGJChCrFY57PVwwSeYCM3/xz1/oucoGiSsQBXNNPUPzOOhwz6DtxZSA== X-Received: by 2002:a37:5a05:: with SMTP id o5mr15834823qkb.126.1547837213903; Fri, 18 Jan 2019 10:46:53 -0800 (PST) Received: from jkicinski-Precision-T1700.netronome.com ([66.60.152.14]) by smtp.gmail.com with ESMTPSA id l4sm12467794qtf.22.2019.01.18.10.46.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Jan 2019 10:46:53 -0800 (PST) From: Jakub Kicinski To: davem@davemloft.net, dsahern@gmail.com Cc: netdev@vger.kernel.org, oss-drivers@netronome.com, Jakub Kicinski Subject: [PATCH net-next v2 14/14] net: mpls: netconf: perform strict checks also for doit handlers Date: Fri, 18 Jan 2019 10:46:26 -0800 Message-Id: <20190118184626.24021-15-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20190118184626.24021-1-jakub.kicinski@netronome.com> References: <20190118184626.24021-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Make RTM_GETNETCONF's doit handler use strict checks when NETLINK_F_STRICT_CHK is set. Signed-off-by: Jakub Kicinski --- net/mpls/af_mpls.c | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c index 733c86db551b..2662a23c658e 100644 --- a/net/mpls/af_mpls.c +++ b/net/mpls/af_mpls.c @@ -1209,21 +1209,57 @@ static const struct nla_policy devconf_mpls_policy[NETCONFA_MAX + 1] = { [NETCONFA_IFINDEX] = { .len = sizeof(int) }, }; +static int mpls_netconf_valid_get_req(struct sk_buff *skb, + const struct nlmsghdr *nlh, + struct nlattr **tb, + struct netlink_ext_ack *extack) +{ + int i, err; + + if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) { + NL_SET_ERR_MSG_MOD(extack, + "Invalid header for netconf get request"); + return -EINVAL; + } + + if (!netlink_strict_get_check(skb)) + return nlmsg_parse(nlh, sizeof(struct netconfmsg), tb, + NETCONFA_MAX, devconf_mpls_policy, extack); + + err = nlmsg_parse_strict(nlh, sizeof(struct netconfmsg), tb, + NETCONFA_MAX, devconf_mpls_policy, extack); + if (err) + return err; + + for (i = 0; i <= NETCONFA_MAX; i++) { + if (!tb[i]) + continue; + + switch (i) { + case NETCONFA_IFINDEX: + break; + default: + NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in netconf get request"); + return -EINVAL; + } + } + + return 0; +} + static int mpls_netconf_get_devconf(struct sk_buff *in_skb, struct nlmsghdr *nlh, struct netlink_ext_ack *extack) { struct net *net = sock_net(in_skb->sk); struct nlattr *tb[NETCONFA_MAX + 1]; - struct netconfmsg *ncm; struct net_device *dev; struct mpls_dev *mdev; struct sk_buff *skb; int ifindex; int err; - err = nlmsg_parse(nlh, sizeof(*ncm), tb, NETCONFA_MAX, - devconf_mpls_policy, extack); + err = mpls_netconf_valid_get_req(in_skb, nlh, tb, extack); if (err < 0) goto errout;