From patchwork Wed Feb 17 20:45:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maya Rashish X-Patchwork-Id: 1441355 X-Patchwork-Delegate: pablo@netfilter.org To: netfilter-devel@vger.kernel.org
From: Maya Rashish Subject: [libnftnl PATCH 1/2] Avoid out of bound reads in tests. Message-ID: <6b4add9f-7947-9f81-48c9-83b77286d2e6@redhat.com> Date: Wed, 17 Feb 2021 22:45:45 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Our string isn't NUL-terminated. To avoid reading past the last character, use strndup. Signed-off-by: Maya Rashish --- tests/nft-expr_match-test.c | 2 +- tests/nft-expr_target-test.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/nft-expr_match-test.c b/tests/nft-expr_match-test.c index 39a49d8..f6b7bc0 100644 --- a/tests/nft-expr_match-test.c +++ b/tests/nft-expr_match-test.c @@ -71,7 +71,7 @@ int main(int argc, char *argv[]) nftnl_expr_set_str(ex, NFTNL_EXPR_MT_NAME, "Tests"); nftnl_expr_set_u32(ex, NFTNL_EXPR_MT_REV, 0x12345678); - nftnl_expr_set(ex, NFTNL_EXPR_MT_INFO, strdup(data), sizeof(data)); + nftnl_expr_set(ex, NFTNL_EXPR_MT_INFO, strndup(data, sizeof(data)), sizeof(data)); nftnl_rule_add_expr(a, ex); nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); diff --git a/tests/nft-expr_target-test.c b/tests/nft-expr_target-test.c index ba56b27..a135b9c 100644 --- a/tests/nft-expr_target-test.c +++ b/tests/nft-expr_target-test.c 
@@ -71,7 +71,7 @@ int main(int argc, char *argv[]) nftnl_expr_set(ex, NFTNL_EXPR_TG_NAME, "test", strlen("test")); nftnl_expr_set_u32(ex, NFTNL_EXPR_TG_REV, 0x56781234); - nftnl_expr_set(ex, NFTNL_EXPR_TG_INFO, strdup(data), sizeof(data)); + nftnl_expr_set(ex, NFTNL_EXPR_TG_INFO, strndup(data, sizeof(data)), sizeof(data)); nftnl_rule_add_expr(a, ex); nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); From patchwork Wed Feb 17 20:46:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maya Rashish X-Patchwork-Id: 1441356 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=XliVF1fb; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4Dgqgd1TWYz9sCD for ; Thu, 18 Feb 2021 07:48:45 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234662AbhBQUs0 (ORCPT ); Wed, 17 Feb 2021 15:48:26 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:51524 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230315AbhBQUsV (ORCPT ); Wed, 17 Feb 2021 15:48:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1613594815; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; 
To:
netfilter-devel@vger.kernel.org From: Maya Rashish Subject: [libnftnl PATCH 2/2] Avoid out of bounds read from data Message-ID: <152a0191-c777-2b57-0775-ba94a59c74a0@redhat.com> Date: Wed, 17 Feb 2021 22:46:50 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This might introduce some issues since we're now not filling the rest of the memory, but filling out with uninitialized garbage is probably as bad as leaving it as garbage. Signed-off-by: Maya Rashish --- include/utils.h | 2 ++ src/expr/counter.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/utils.h b/include/utils.h index 8af5a8e..7413534 100644 --- a/include/utils.h +++ b/include/utils.h @@ -67,6 +67,8 @@ void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max, #define array_size(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) +#define MIN(a,b) (a>b ? (b) : (a)) + const char *nftnl_family2str(uint32_t family); int nftnl_str2family(const char *family); diff --git a/src/expr/counter.c b/src/expr/counter.c index 89a602e..fb036dd 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -35,10 +35,10 @@ nftnl_expr_counter_set(struct nftnl_expr *e, uint16_t type, switch(type) { case NFTNL_EXPR_CTR_BYTES: - memcpy(&ctr->bytes, data, sizeof(ctr->bytes)); + memcpy(&ctr->bytes, data, MIN(data_len, sizeof(ctr->bytes))); break; case NFTNL_EXPR_CTR_PACKETS: - memcpy(&ctr->pkts, data, sizeof(ctr->pkts)); + memcpy(&ctr->pkts, data, MIN(data_len, sizeof(ctr->pkts))); break; default: return -1;
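Review bot: in tests/nft-expr_match-test.c (patch 1/2), strndup(data, sizeof(data)) still treats data as a string: it stops at the first NUL byte it finds, so the allocation can end up shorter than the sizeof(data) length passed as the last argument of nftnl_expr_set(). The commit message says the buffer is not NUL-terminated and the length is passed explicitly, so copying it as bytes (malloc(sizeof(data)) followed by memcpy(copy, data, sizeof(data))) would keep the allocation and the declared length equal whatever the buffer holds.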
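Review bot: in tests/nft-expr_target-test.c (patch 1/2), the strndup() result is passed straight to nftnl_expr_set() for NFTNL_EXPR_TG_INFO without a NULL check, so a failed allocation hands the setter a NULL pointer together with a non-zero sizeof(data) length. Assigning the copy to a local and failing the test when it is NULL would make that case explicit. The changed line is the same as the one in nft-expr_match-test.c, so whichever copy idiom is chosen should be applied to both files in the same way.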
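Review bot: in include/utils.h (patch 2/2), the new MIN macro compares its arguments unparenthesized (a>b), so an argument containing a lower-precedence operator is parsed differently from what the caller wrote, and each argument is evaluated twice. Suggest #define MIN(a, b) ((a) < (b) ? (a) : (b)), with a comment that arguments must be free of side effects. MIN is also a name that system headers commonly define, so an #ifndef MIN guard, or a lowercase project-local name in the style of array_size just above, would avoid a redefinition warning. At the call sites in counter.c the macro compares data_len with a sizeof result, so it is worth checking that both operands are unsigned there.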
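Review bot: in src/expr/counter.c (patch 2/2), clamping the memcpy length with MIN(data_len, sizeof(ctr->bytes)) removes the over-read, but a short data_len now writes only part of the field and leaves the remaining bytes at their previous value, as the commit message itself notes, and a data_len larger than the field is silently truncated. Both NFTNL_EXPR_CTR_BYTES and NFTNL_EXPR_CTR_PACKETS are affected. Since the default case already returns -1, rejecting a mismatched length the same way (if (data_len != sizeof(ctr->bytes)) return -1;) would give callers a defined failure instead of a partially updated counter. If short writes must stay accepted, zeroing the field before the copy at least makes the result deterministic.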