linux-kernel.vger.kernel.org archive mirror
From: Johannes Berg <johannes@sipsolutions.net>
To: Michal Kubecek <mkubecek@suse.cz>,
	"David S. Miller" <davem@davemloft.net>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	David Ahern <dsahern@gmail.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net-next 3/3] netlink: add validation of NLA_F_NESTED flag
Date: Thu, 02 May 2019 14:54:56 +0200
Message-ID: <3e8291cb2491e9a1830afdb903ed2c52e9f7475c.camel@sipsolutions.net>
In-Reply-To: <75a0887b3eb70005c272685d8ef9a712f37d7a54.1556798793.git.mkubecek@suse.cz>

On Thu, 2019-05-02 at 12:48 +0000, Michal Kubecek wrote:
> Add new validation flag NL_VALIDATE_NESTED which adds three consistency
> checks of NLA_F_NESTED_FLAG:
> 
>   - the flag is set on attributes with NLA_NESTED{,_ARRAY} policy
>   - the flag is not set on attributes with other policies except NLA_UNSPEC
>   - the flag is set on attribute passed to nla_parse_nested()

Looks good to me!

> @@ -415,7 +418,8 @@ enum netlink_validation {
>  #define NL_VALIDATE_STRICT (NL_VALIDATE_TRAILING |\
>  			    NL_VALIDATE_MAXTYPE |\
>  			    NL_VALIDATE_UNSPEC |\
> -			    NL_VALIDATE_STRICT_ATTRS)
> +			    NL_VALIDATE_STRICT_ATTRS |\
> +			    NL_VALIDATE_NESTED)

This is fine _right now_, but in general we cannot keep adding here
after the next release :-)

>  int netlink_rcv_skb(struct sk_buff *skb,
>  		    int (*cb)(struct sk_buff *, struct nlmsghdr *,
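
Review bot: The NL_VALIDATE_STRICT definition gains NL_VALIDATE_NESTED with no comment saying when this set stops growing. Every caller that passes NL_VALIDATE_STRICT picks up the new rejection path through this one macro, so a short comment above it, stating that checks added after the first release carrying strict validation need their own flag, would keep a later patch from tightening the rules for userspace that already works.
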
> @@ -1132,6 +1136,10 @@ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype,
>  				   const struct nla_policy *policy,
>  				   struct netlink_ext_ack *extack)
>  {
> +	if (!(nla->nla_type & NLA_F_NESTED)) {
> +		NL_SET_ERR_MSG_ATTR(extack, nla, "nested attribute expected");

Maybe reword that to say "NLA_F_NESTED is missing" or so? The "nested
attribute expected" could result in a lot of headscratching (without
looking at the code) because it looks nested if you do nla_nest_start()
etc.

> +		return -EINVAL;
> +	}
>  	return __nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy,
>  			   NL_VALIDATE_STRICT, extack);

I'd probably put a blank line there but ymmv.

>  }
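
Review bot: The new test at the top of nla_parse_nested() checks NLA_F_NESTED unconditionally rather than through the NL_VALIDATE_NESTED bit, so it only stays consistent with the check in validate_nla() for as long as the NL_VALIDATE_STRICT passed to __nla_parse() a few lines below contains that bit. A one-line comment above the "if (!(nla->nla_type & NLA_F_NESTED))" test saying that it is the container-side half of NL_VALIDATE_NESTED would keep the two from drifting apart when the strict set is next touched.
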
> diff --git a/lib/nlattr.c b/lib/nlattr.c
> index adc919b32bf9..92da65cb6637 100644
> --- a/lib/nlattr.c
> +++ b/lib/nlattr.c
> @@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype,
>  		}
>  	}
>  
> +	if (validate & NL_VALIDATE_NESTED) {
> +		if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
> +		    !(nla->nla_type & NLA_F_NESTED)) {
> +			NL_SET_ERR_MSG_ATTR(extack, nla,
> +					    "nested attribute expected");
> +			return -EINVAL;
> +		}
> +		if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
> +		    pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
> +			NL_SET_ERR_MSG_ATTR(extack, nla,
> +					    "nested attribute not expected");
> +			return -EINVAL;
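
Review bot: The second condition in the NL_VALIDATE_NESTED block exempts NLA_UNSPEC without a comment giving the reason, and the two conditions each spell out the NLA_NESTED / NLA_NESTED_ARRAY test on pt->type separately. A comment on the NLA_UNSPEC case plus a local boolean computed once from pt->type would make it easier to audit that the two branches are exact complements apart from that one exemption.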

Same comment here wrt. the messages, I think they should more explicitly
refer to the flag.

johannes

(PS: if you CC me on this address I generally can respond quicker)
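
The flag checks discussed in this message, as an added userspace model that is not part of the e-mail or of the kernel patch: it shows a container whose payload is a well-formed child attribute still being rejected when NLA_F_NESTED is absent from its type field. The names `pol`, `hdr`, `put_attr`, `check_nested_flags` and `demo` are hypothetical; the flag values match include/uapi/linux/netlink.h.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
/* Flag bits as defined in include/uapi/linux/netlink.h */
#define NLA_F_NESTED  (1 << 15)
#define NLA_TYPE_MASK (~(NLA_F_NESTED | (1 << 14))) /* also masks NLA_F_NET_BYTEORDER */
#define ALIGN4(n)     (((n) + 3u) & ~3u)
enum pol { POL_UNSPEC, POL_U32, POL_NESTED }; /* hypothetical stand-ins for NLA_* policy types */
struct hdr { uint16_t len, type; };           /* same layout as struct nlattr */

/* Append one attribute at buf+off; returns the next aligned offset. */
static size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *d, uint16_t dlen)
{
    struct hdr h = { (uint16_t)(sizeof(struct hdr) + dlen), type };
    memcpy(buf + off, &h, sizeof(h));
    memcpy(buf + off + sizeof(h), d, dlen);
    return off + ALIGN4(h.len);
}

/* Model of the checks: 0 if each attribute's NLA_F_NESTED bit agrees with its policy. */
static int check_nested_flags(const uint8_t *buf, size_t len, const enum pol *policy, int maxtype)
{
    for (size_t off = 0; off + sizeof(struct hdr) <= len; ) {
        struct hdr h;
        memcpy(&h, buf + off, sizeof(h));
        if (h.len < sizeof(h) || h.len > len - off)
            return -EINVAL;                      /* malformed length */
        int type = h.type & NLA_TYPE_MASK, flagged = !!(h.type & NLA_F_NESTED);
        enum pol p = (type > 0 && type <= maxtype) ? policy[type] : POL_UNSPEC;
        if (p == POL_NESTED && !flagged)
            return -EINVAL;                      /* NLA_F_NESTED is missing */
        if (p != POL_NESTED && p != POL_UNSPEC && flagged)
            return -EINVAL;                      /* NLA_F_NESTED not expected */
        off += ALIGN4(h.len);
    }
    return 0;
}

/* Constructed sample: a u32 attribute (type 1) followed by a container (type 2). */
static int demo(uint16_t f1, uint16_t f2)
{
    static const enum pol policy[] = { POL_UNSPEC, POL_U32, POL_NESTED };
    uint8_t inner[8], msg[24];
    uint32_t v = 7;
    size_t n = put_attr(inner, 0, 1, &v, sizeof(v));      /* child of the container */
    size_t off = put_attr(msg, 0, 1 | f1, &v, sizeof(v)); /* scalar attribute */
    off = put_attr(msg, off, 2 | f2, inner, (uint16_t)n); /* container attribute */
    return check_nested_flags(msg, off, policy, 2);
}
int main(void) { return demo(0, NLA_F_NESTED) == 0 && demo(0, 0) == -EINVAL ? 0 : 1; }
```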

