From: Pablo Neira Ayuso <pablo@netfilter.org> To: Phil Sutter <phil@nwl.cc>, netfilter-devel@vger.kernel.org Subject: Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len Date: Sat, 15 Feb 2020 14:17:13 +0100 Message-ID: <20200215131713.5gwn4ayk2udjff33@salvia> (raw) In-Reply-To: <20200215004311.GS20005@orbyte.nwl.cc> [-- Attachment #1: Type: text/plain, Size: 2029 bytes --] On Sat, Feb 15, 2020 at 01:43:11AM +0100, Phil Sutter wrote: > Hi Pablo, > > On Fri, Feb 14, 2020 at 06:42:00PM +0100, Pablo Neira Ayuso wrote: > > On Fri, Feb 14, 2020 at 06:34:50PM +0100, Phil Sutter wrote: > > > On Fri, Feb 14, 2020 at 06:32:47PM +0100, Pablo Neira Ayuso wrote: > > > > On Fri, Feb 14, 2020 at 06:24:17PM +0100, Phil Sutter wrote: > > > > > Typical idiom for *_get_u*() getters is to call *_get_data() and make > > > > > sure data_len matches what each of them is returning. Yet they shouldn't > > > > > trust *_get_data() to write into passed pointer to data_len since for > > > > > chains and NFTNL_CHAIN_DEVICES attribute, it does not. Make sure these > > > > > assert() calls trigger in those cases. > > > > > > > > The intention to catch for unset attributes through the assertion, > > > > right? > > > > > > No, this is about making sure that no wrong getter is called, e.g. > > > nftnl_chain_get_u64() with e.g. NFTNL_CHAIN_HOOKNUM attribute which is > > > only 32bits. > > > > I think it will also catch the case I'm asking. If attribute is unset, > > then nftnl_chain_get_data() returns NULL and the assertion checks > > data_len, which has not been properly initialized. > > With nftnl_assert() being (shortened): > > | #define nftnl_assert(val, attr, expr) \ > | ((!val || expr) ? \ > | (void)0 : __nftnl_assert_fail(attr, __FILE__, __LINE__)) > > Check for 'expr' (which is passed as 'data_len == sizeof(<something>)') > will only happen if 'val' is not NULL. Callers then return like so: > > | return val ? *val : 0; > > This means that if you pass an unset attribute to the getter, it will > simply return 0. Thanks for explaining, Phil. If the problem is just NFTNL_CHAIN_DEVICES and NFTNL_FLOWTABLE_DEVICES, probably this is just fine? So zero data-length is reversed for arrays and update nftnl_assert() to skip data_len == 0, ie. > | #define nftnl_assert(val, attr, expr) \ > | ((!val || data_len == 0 || expr) ? \ > | (void)0 : __nftnl_assert_fail(attr, __FILE__, __LINE__)) [-- Attachment #2: x.patch --] [-- Type: text/x-diff, Size: 1261 bytes --] diff --git a/include/utils.h b/include/utils.h index 8af5a8e973fa..53999c982c56 100644 --- a/include/utils.h +++ b/include/utils.h @@ -30,7 +30,7 @@ void __noreturn __abi_breakage(const char *file, int line, const char *reason); void __nftnl_assert_fail(uint16_t attr, const char *filename, int line); #define nftnl_assert(val, attr, expr) \ - ((!val || expr) \ + ((!val || data_len == 0 || expr) \ ? (void)0 \ : __nftnl_assert_fail(attr, __FILE__, __LINE__)) diff --git a/src/chain.c b/src/chain.c index b4066e4d4e88..94a9e43a1754 100644 --- a/src/chain.c +++ b/src/chain.c @@ -364,6 +364,7 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr, *data_len = strlen(c->dev) + 1; return c->dev; case NFTNL_CHAIN_DEVICES: + *data_len = 0; return &c->dev_array[0]; } return NULL; diff --git a/src/flowtable.c b/src/flowtable.c index 1e235d0ba50f..635322d7fa56 100644 --- a/src/flowtable.c +++ b/src/flowtable.c @@ -230,6 +230,7 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, *data_len = sizeof(int32_t); return &c->family; case NFTNL_FLOWTABLE_DEVICES: + *data_len = 0; return &c->dev_array[0]; case NFTNL_FLOWTABLE_SIZE: *data_len = sizeof(int32_t);
next prev parent reply index Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-02-14 17:24 Phil Sutter 2020-02-14 17:32 ` Pablo Neira Ayuso 2020-02-14 17:34 ` Phil Sutter 2020-02-14 17:42 ` Pablo Neira Ayuso 2020-02-15 0:43 ` Phil Sutter 2020-02-15 13:17 ` Pablo Neira Ayuso [this message] 2020-02-15 22:58 ` Phil Sutter 2020-02-18 13:42 ` Pablo Neira Ayuso 2020-02-18 18:18 ` Phil Sutter 2020-02-18 21:06 ` Pablo Neira Ayuso 2020-02-18 23:02 ` Phil Sutter 2020-02-19 9:32 ` Pablo Neira Ayuso
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200215131713.5gwn4ayk2udjff33@salvia \ --to=pablo@netfilter.org \ --cc=netfilter-devel@vger.kernel.org \ --cc=phil@nwl.cc \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Netfilter-Devel Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \ netfilter-devel@vger.kernel.org public-inbox-index netfilter-devel Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel AGPL code for this site: git clone https://public-inbox.org/public-inbox.git