* [PATCH iproute2] macsec: fix off-by-one when parsing attributes
@ 2018-10-12 15:34 Sabrina Dubroca
2018-10-15 16:36 ` Stephen Hemminger
0 siblings, 1 reply; 3+ messages in thread
From: Sabrina Dubroca @ 2018-10-12 15:34 UTC (permalink / raw)
To: netdev; +Cc: Stephen Hemminger, Sabrina Dubroca, David Ahern
I seem to have had a massive brainfart with uses of
parse_rtattr_nested(). The rtattr* array must have MAX+1 elements, and
the call to parse_rtattr_nested must have MAX as its bound. Let's fix
those.
Fixes: b26fc590ce62 ("ip: add MACsec support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
ip/ipmacsec.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
index fa56e0eee774..007ce5404788 100644
--- a/ip/ipmacsec.c
+++ b/ip/ipmacsec.c
@@ -727,7 +727,7 @@ static void print_txsc_stats(const char *prefix, struct rtattr *attr)
if (!attr || show_stats == 0)
return;
- parse_rtattr_nested(stats, MACSEC_TXSC_STATS_ATTR_MAX + 1, attr);
+ parse_rtattr_nested(stats, MACSEC_TXSC_STATS_ATTR_MAX, attr);
print_stats(prefix, txsc_stats_names, NUM_MACSEC_TXSC_STATS_ATTR,
stats);
@@ -751,7 +751,7 @@ static void print_secy_stats(const char *prefix, struct rtattr *attr)
if (!attr || show_stats == 0)
return;
- parse_rtattr_nested(stats, MACSEC_SECY_STATS_ATTR_MAX + 1, attr);
+ parse_rtattr_nested(stats, MACSEC_SECY_STATS_ATTR_MAX, attr);
print_stats(prefix, secy_stats_names,
NUM_MACSEC_SECY_STATS_ATTR, stats);
@@ -772,7 +772,7 @@ static void print_rxsa_stats(const char *prefix, struct rtattr *attr)
if (!attr || show_stats == 0)
return;
- parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr);
+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX, attr);
print_stats(prefix, rxsa_stats_names, NUM_MACSEC_SA_STATS_ATTR, stats);
}
@@ -789,7 +789,7 @@ static void print_txsa_stats(const char *prefix, struct rtattr *attr)
if (!attr || show_stats == 0)
return;
- parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr);
+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX, attr);
print_stats(prefix, txsa_stats_names, NUM_MACSEC_SA_STATS_ATTR, stats);
}
@@ -817,7 +817,7 @@ static void print_tx_sc(const char *prefix, __u64 sci, __u8 encoding_sa,
bool state;
open_json_object(NULL);
- parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a);
+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX, a);
state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]);
print_string(PRINT_FP, NULL, "%s", prefix);
@@ -858,7 +858,7 @@ static void print_rxsc_stats(const char *prefix, struct rtattr *attr)
if (!attr || show_stats == 0)
return;
- parse_rtattr_nested(stats, MACSEC_RXSC_STATS_ATTR_MAX + 1, attr);
+ parse_rtattr_nested(stats, MACSEC_RXSC_STATS_ATTR_MAX, attr);
print_stats(prefix, rxsc_stats_names,
NUM_MACSEC_RXSC_STATS_ATTR, stats);
@@ -885,7 +885,7 @@ static void print_rx_sc(const char *prefix, __be64 sci, __u8 active,
bool state;
open_json_object(NULL);
- parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a);
+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX, a);
state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]);
print_string(PRINT_FP, NULL, "%s", prefix);
@@ -918,7 +918,7 @@ static void print_rxsc_list(struct rtattr *sc)
open_json_object(NULL);
- parse_rtattr_nested(sc_attr, MACSEC_RXSC_ATTR_MAX + 1, c);
+ parse_rtattr_nested(sc_attr, MACSEC_RXSC_ATTR_MAX, c);
print_rx_sc(" ",
rta_getattr_u64(sc_attr[MACSEC_RXSC_ATTR_SCI]),
rta_getattr_u32(sc_attr[MACSEC_RXSC_ATTR_ACTIVE]),
@@ -958,7 +958,7 @@ static int process(const struct sockaddr_nl *who, struct nlmsghdr *n,
}
ifindex = rta_getattr_u32(attrs[MACSEC_ATTR_IFINDEX]);
- parse_rtattr_nested(attrs_secy, MACSEC_SECY_ATTR_MAX + 1,
+ parse_rtattr_nested(attrs_secy, MACSEC_SECY_ATTR_MAX,
attrs[MACSEC_ATTR_SECY]);
if (!validate_secy_dump(attrs_secy)) {
--
2.19.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH iproute2] macsec: fix off-by-one when parsing attributes
2018-10-12 15:34 [PATCH iproute2] macsec: fix off-by-one when parsing attributes Sabrina Dubroca
@ 2018-10-15 16:36 ` Stephen Hemminger
2018-10-15 22:02 ` Sabrina Dubroca
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2018-10-15 16:36 UTC (permalink / raw)
To: Sabrina Dubroca; +Cc: netdev, David Ahern
On Fri, 12 Oct 2018 17:34:12 +0200
Sabrina Dubroca <sd@queasysnail.net> wrote:
> I seem to have had a massive brainfart with uses of
> parse_rtattr_nested(). The rtattr* array must have MAX+1 elements, and
> the call to parse_rtattr_nested must have MAX as its bound. Let's fix
> those.
>
> Fixes: b26fc590ce62 ("ip: add MACsec support")
> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Applied,
How did it ever work??
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH iproute2] macsec: fix off-by-one when parsing attributes
2018-10-15 16:36 ` Stephen Hemminger
@ 2018-10-15 22:02 ` Sabrina Dubroca
0 siblings, 0 replies; 3+ messages in thread
From: Sabrina Dubroca @ 2018-10-15 22:02 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev, David Ahern
2018-10-15, 09:36:58 -0700, Stephen Hemminger wrote:
> On Fri, 12 Oct 2018 17:34:12 +0200
> Sabrina Dubroca <sd@queasysnail.net> wrote:
>
> > I seem to have had a massive brainfart with uses of
> > parse_rtattr_nested(). The rtattr* array must have MAX+1 elements, and
> > the call to parse_rtattr_nested must have MAX as its bound. Let's fix
> > those.
> >
> > Fixes: b26fc590ce62 ("ip: add MACsec support")
> > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
>
> Applied,
> How did it ever work??
I'm guessing it wrote over some other stack variables before their
first use. It worked without issue until the JSON patch.
Thanks,
--
Sabrina
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-10-16 5:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-12 15:34 [PATCH iproute2] macsec: fix off-by-one when parsing attributes Sabrina Dubroca
2018-10-15 16:36 ` Stephen Hemminger
2018-10-15 22:02 ` Sabrina Dubroca
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.