From: Sabrina Dubroca <sd@queasysnail.net>
To: netdev@vger.kernel.org
Cc: steffen.klassert@secunet.com, Sabrina Dubroca <sd@queasysnail.net>
Subject: [RFC PATCH ipsec-next 6/6] xfrm: add extack to verify_sec_ctx_len
Date: Thu, 11 Nov 2021 13:02:47 +0100 [thread overview]
Message-ID: <a6611e353a5cdebb304671590355f1ed108cd22f.1636450303.git.sd@queasysnail.net> (raw)
In-Reply-To: <cover.1636450303.git.sd@queasysnail.net>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
net/xfrm/xfrm_user.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 06735eb07a7d..6d4425d9bb8f 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -101,7 +101,7 @@ static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type,
*addrp = nla_data(rt);
}
-static inline int verify_sec_ctx_len(struct nlattr **attrs)
+static inline int verify_sec_ctx_len(struct nlattr **attrs, struct netlink_ext_ack *extack)
{
struct nlattr *rt = attrs[XFRMA_SEC_CTX];
struct xfrm_user_sec_ctx *uctx;
@@ -111,8 +111,10 @@ static inline int verify_sec_ctx_len(struct nlattr **attrs)
uctx = nla_data(rt);
if (uctx->len > nla_len(rt) ||
- uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len))
+ uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) {
+ NL_SET_ERR_MSG(extack, "Invalid security context length");
return -EINVAL;
+ }
return 0;
}
@@ -263,7 +265,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
goto out;
if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP)))
goto out;
- if ((err = verify_sec_ctx_len(attrs)))
+ if ((err = verify_sec_ctx_len(attrs, NULL)))
goto out;
if ((err = verify_replay(p, attrs)))
goto out;
@@ -1785,7 +1787,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
err = verify_newpolicy_info(p, extack);
if (err)
return err;
- err = verify_sec_ctx_len(attrs);
+ err = verify_sec_ctx_len(attrs, extack);
if (err)
return err;
@@ -2085,7 +2087,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
struct nlattr *rt = attrs[XFRMA_SEC_CTX];
struct xfrm_sec_ctx *ctx;
- err = verify_sec_ctx_len(attrs);
+ err = verify_sec_ctx_len(attrs, extack);
if (err)
return err;
@@ -2390,7 +2392,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
struct nlattr *rt = attrs[XFRMA_SEC_CTX];
struct xfrm_sec_ctx *ctx;
- err = verify_sec_ctx_len(attrs);
+ err = verify_sec_ctx_len(attrs, extack);
if (err)
return err;
@@ -2482,7 +2484,7 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
err = verify_newpolicy_info(&ua->policy, extack);
if (err)
goto free_state;
- err = verify_sec_ctx_len(attrs);
+ err = verify_sec_ctx_len(attrs, extack);
if (err)
goto free_state;
--
2.33.1
next prev parent reply other threads:[~2021-11-11 12:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-11 12:02 [RFC PATCH ipsec-next 0/6] xfrm: start adding netlink extack support Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 1/6] xfrm: propagate extack to all netlink doit handlers Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 2/6] xfrm: add extack support to verify_newpolicy_info Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 3/6] xfrm: add extack to verify_policy_dir Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 4/6] xfrm: add extack to validate_tmpl Sabrina Dubroca
2021-11-11 12:02 ` [RFC PATCH ipsec-next 5/6] xfrm: add extack to verify_policy_type Sabrina Dubroca
2021-11-11 12:02 ` Sabrina Dubroca [this message]
2021-12-02 14:08 ` [RFC PATCH ipsec-next 0/6] xfrm: start adding netlink extack support Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a6611e353a5cdebb304671590355f1ed108cd22f.1636450303.git.sd@queasysnail.net \
--to=sd@queasysnail.net \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.