* Audit and fix all misuse of NLA_STRING: STATUS
@ 2019-06-18 17:56 Romain Perier
  2019-06-20 16:15 ` Kees Cook
  0 siblings, 1 reply; 6+ messages in thread
From: Romain Perier @ 2019-06-18 17:56 UTC (permalink / raw)
  To: Kernel Hardening, Kees Cook

Hi !

Here is a first review, you can get the complete list here:

https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS



Regards,
Romain


* Re: Audit and fix all misuse of NLA_STRING: STATUS
  2019-06-18 17:56 Audit and fix all misuse of NLA_STRING: STATUS Romain Perier
@ 2019-06-20 16:15 ` Kees Cook
  2019-06-21 10:54   ` Romain Perier
  0 siblings, 1 reply; 6+ messages in thread
From: Kees Cook @ 2019-06-20 16:15 UTC (permalink / raw)
  To: Romain Perier; +Cc: Kernel Hardening

On Tue, Jun 18, 2019 at 07:56:42PM +0200, Romain Perier wrote:
> Hi !
> 
> Here is a first review, you can get the complete list here:
> 
> https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS

Cool! You identified three issues:

net/netfilter/nfnetlink_cthelper.c:
	NF_CT_HELPER_NAME_LEN is used instead of NF_CT_EXP_POLICY_NAME_LEN

net/netfilter/ipset/ip_set_list_set.c:
	IPSET_ATTR_NAME and IPSET_ATTR_NAMEREF both have a len of
	IPSET_MAXNAMELEN for a string of size IPSET_MAXNAMELEN

net/openvswitch/conntrack.c:
	maxlen of NF_CT_HELPER_NAME_LEN with a string of size
	NF_CT_HELPER_NAME_LEN. maxlen of CTNL_TIMEOUT_NAME_MAX with a
	string of size CTNL_TIMEOUT_NAME_MAX

I haven't looked closely at this myself yet, but I think the next step
would be to write patches for each of these. And while doing that, have
an eye toward thinking about how each case could be made more robust in
the future to avoid these kinds of flaws returning.

Nice!

-- 
Kees Cook
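
Added example, not part of the thread and not kernel code: a userspace model of the NLA_STRING length rule in netlink policy validation, showing the pattern the audit looks for, where the policy len equals the size of the buffer the string ends up in. NAME_BUF and the function names are hypothetical; nothing here asserts that the files listed above are actually affected.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 8 /* constructed size, stands in for a *_NAME_LEN constant */

/* Userspace model of the NLA_STRING length rule: one trailing NUL in the
 * payload is not counted, the rest must not exceed policy_len. */
static int nla_string_ok(const char *payload, size_t attrlen, size_t policy_len)
{
	if (attrlen < 1)
		return 0;
	if (policy_len) {
		if (payload[attrlen - 1] == '\0')
			attrlen--;
		if (attrlen > policy_len)
			return 0;
	}
	return 1;
}

/* Bytes a consumer needs to store this payload as a C string: text plus NUL. */
static size_t bytes_needed(const char *payload, size_t attrlen)
{
	const char *nul = memchr(payload, '\0', attrlen);

	return (nul ? (size_t)(nul - payload) : attrlen) + 1;
}

/* 1 if every payload the policy accepts fits, terminator included. */
static int policy_fits(size_t policy_len, size_t buf_size)
{
	return policy_len != 0 && policy_len + 1 <= buf_size;
}

int main(void)
{
	/* Constructed payload: NAME_BUF bytes of text, no terminator. */
	static const char full[NAME_BUF] = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h' };

	printf("len=NAME_BUF   accepted: %d, needs %zu of %d bytes\n",
	       nla_string_ok(full, sizeof(full), NAME_BUF),
	       bytes_needed(full, sizeof(full)), NAME_BUF);
	printf("len=NAME_BUF-1 accepted: %d\n",
	       nla_string_ok(full, sizeof(full), NAME_BUF - 1));
	printf("policy_fits: len=NAME_BUF %d, len=NAME_BUF-1 %d\n",
	       policy_fits(NAME_BUF, NAME_BUF), policy_fits(NAME_BUF - 1, NAME_BUF));
	return 0;
}
```

Whether such a mismatch matters at a given call site depends on how the attribute is copied: a bounded, always-terminating copy truncates instead of writing past the buffer.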


* Re: Audit and fix all misuse of NLA_STRING: STATUS
  2019-06-20 16:15 ` Kees Cook
@ 2019-06-21 10:54   ` Romain Perier
  2019-06-25 16:42     ` Romain Perier
  0 siblings, 1 reply; 6+ messages in thread
From: Romain Perier @ 2019-06-21 10:54 UTC (permalink / raw)
  To: Kees Cook; +Cc: Kernel Hardening

Hi!

Yeah, I have found some inconsistencies, but I am not 100% sure for
all of these. I will double check and review the code closely.
I will keep you in touch.

Regards,
Romain

On Thu, Jun 20, 2019 at 18:15, Kees Cook <keescook@chromium.org> wrote:
>
> On Tue, Jun 18, 2019 at 07:56:42PM +0200, Romain Perier wrote:
> > Hi !
> >
> > Here is a first review, you can get the complete list here:
> >
> > https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS
>
> Cool! You identified three issues:
>
> net/netfilter/nfnetlink_cthelper.c:
>         NF_CT_HELPER_NAME_LEN is used instead of NF_CT_EXP_POLICY_NAME_LEN
>
> net/netfilter/ipset/ip_set_list_set.c:
>         IPSET_ATTR_NAME and IPSET_ATTR_NAMEREF both have a len of
>         IPSET_MAXNAMELEN for a string of size IPSET_MAXNAMELEN
>
> net/openvswitch/conntrack.c:
>         maxlen of NF_CT_HELPER_NAME_LEN with a string of size
>         NF_CT_HELPER_NAME_LEN. maxlen of CTNL_TIMEOUT_NAME_MAX with a
>         string of size CTNL_TIMEOUT_NAME_MAX
>
> I haven't looked closely at this myself yet, but I think the next step
> would be to write patches for each of these. And while doing that, have
> an eye toward thinking about how each case could be made more robust in
> the future to avoid these kinds of flaws returning.
>
> Nice!
>
> --
> Kees Cook


* Re: Audit and fix all misuse of NLA_STRING: STATUS
  2019-06-21 10:54   ` Romain Perier
@ 2019-06-25 16:42     ` Romain Perier
  2019-06-26 23:51       ` Kees Cook
  0 siblings, 1 reply; 6+ messages in thread
From: Romain Perier @ 2019-06-25 16:42 UTC (permalink / raw)
  To: Kees Cook; +Cc: Kernel Hardening

Hi,

I have double checked.

See, https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS

Nothing worrying, it seems.

Regards,
Romain

On Fri, Jun 21, 2019 at 12:54, Romain Perier <romain.perier@gmail.com> wrote:
>
> Hi!
>
> Yeah, I have found some inconsistencies, but I am not 100% sure for
> all of these. I will double check and review the code closely.
> I will keep you in touch.
>
> Regards,
> Romain
>
> On Thu, Jun 20, 2019 at 18:15, Kees Cook <keescook@chromium.org> wrote:
> >
> > On Tue, Jun 18, 2019 at 07:56:42PM +0200, Romain Perier wrote:
> > > Hi !
> > >
> > > Here is a first review, you can get the complete list here:
> > >
> > > https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS
> >
> > Cool! You identified three issues:
> >
> > net/netfilter/nfnetlink_cthelper.c:
> >         NF_CT_HELPER_NAME_LEN is used instead of NF_CT_EXP_POLICY_NAME_LEN
> >
> > net/netfilter/ipset/ip_set_list_set.c:
> >         IPSET_ATTR_NAME and IPSET_ATTR_NAMEREF both have a len of
> >         IPSET_MAXNAMELEN for a string of size IPSET_MAXNAMELEN
> >
> > net/openvswitch/conntrack.c:
> >         maxlen of NF_CT_HELPER_NAME_LEN with a string of size
> >         NF_CT_HELPER_NAME_LEN. maxlen of CTNL_TIMEOUT_NAME_MAX with a
> >         string of size CTNL_TIMEOUT_NAME_MAX
> >
> > I haven't looked closely at this myself yet, but I think the next step
> > would be to write patches for each of these. And while doing that, have
> > an eye toward thinking about how each case could be made more robust in
> > the future to avoid these kinds of flaws returning.
> >
> > Nice!
> >
> > --
> > Kees Cook


* Re: Audit and fix all misuse of NLA_STRING: STATUS
  2019-06-25 16:42     ` Romain Perier
@ 2019-06-26 23:51       ` Kees Cook
       [not found]         ` <CABgxDoJJo=AUHc1vWMeBpZHnMeBdRHSFnXWuN4RZwWnmB-9nBg@mail.gmail.com>
  0 siblings, 1 reply; 6+ messages in thread
From: Kees Cook @ 2019-06-26 23:51 UTC (permalink / raw)
  To: Romain Perier; +Cc: Kernel Hardening

On Tue, Jun 25, 2019 at 06:42:48PM +0200, Romain Perier wrote:
> I have double checked.
> 
> See, https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS
> 
> Nothing worrying, it seems.

Excellent; thanks! Do you want to remove this from the TODO list?

-- 
Kees Cook


* Fwd: Audit and fix all misuse of NLA_STRING: STATUS
       [not found]         ` <CABgxDoJJo=AUHc1vWMeBpZHnMeBdRHSFnXWuN4RZwWnmB-9nBg@mail.gmail.com>
@ 2019-06-27 14:30           ` Romain Perier
  0 siblings, 0 replies; 6+ messages in thread
From: Romain Perier @ 2019-06-27 14:30 UTC (permalink / raw)
  To: Kernel Hardening, Kees Cook

Adding the ML to Cc:
---------- Forwarded message ---------
From: Romain Perier <romain.perier@gmail.com>
Date: Thu, Jun 27, 2019 at 16:29
Subject: Re: Audit and fix all misuse of NLA_STRING: STATUS
To: Kees Cook <keescook@chromium.org>


Hi,

Yeah sure, it's done :)
What do you suggest as the next task?

Regards,
Romain

On Thu, Jun 27, 2019 at 01:51, Kees Cook <keescook@chromium.org> wrote:
>
> On Tue, Jun 25, 2019 at 06:42:48PM +0200, Romain Perier wrote:
> > I have double checked.
> >
> > See, https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS
> >
> > Nothing worrying, it seems.
>
> Excellent; thanks! Do you want to remove this from the TODO list?
>
> --
> Kees Cook
