From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [libnftnl PATCH] src: Fix nftnl_assert() on data_len
Date: Sat, 15 Feb 2020 23:58:55 +0100 [thread overview]
Message-ID: <20200215225855.GU20005@orbyte.nwl.cc> (raw)
In-Reply-To: <20200215131713.5gwn4ayk2udjff33@salvia>
Hi Pablo,
On Sat, Feb 15, 2020 at 02:17:13PM +0100, Pablo Neira Ayuso wrote:
> On Sat, Feb 15, 2020 at 01:43:11AM +0100, Phil Sutter wrote:
> > Hi Pablo,
> >
> > On Fri, Feb 14, 2020 at 06:42:00PM +0100, Pablo Neira Ayuso wrote:
> > > On Fri, Feb 14, 2020 at 06:34:50PM +0100, Phil Sutter wrote:
> > > > On Fri, Feb 14, 2020 at 06:32:47PM +0100, Pablo Neira Ayuso wrote:
> > > > > On Fri, Feb 14, 2020 at 06:24:17PM +0100, Phil Sutter wrote:
> > > > > > Typical idiom for *_get_u*() getters is to call *_get_data() and make
> > > > > > sure data_len matches what each of them is returning. Yet they shouldn't
> > > > > > trust *_get_data() to write into passed pointer to data_len since for
> > > > > > chains and NFTNL_CHAIN_DEVICES attribute, it does not. Make sure these
> > > > > > assert() calls trigger in those cases.
> > > > >
> > > > > The intention to catch for unset attributes through the assertion,
> > > > > right?
> > > >
> > > > No, this is about making sure that no wrong getter is called, e.g.
> > > > nftnl_chain_get_u64() with e.g. NFTNL_CHAIN_HOOKNUM attribute which is
> > > > only 32bits.
> > >
> > > I think it will also catch the case I'm asking. If attribute is unset,
> > > then nftnl_chain_get_data() returns NULL and the assertion checks
> > > data_len, which has not been properly initialized.
> >
> > With nftnl_assert() being (shortened):
> >
> > | #define nftnl_assert(val, attr, expr) \
> > | ((!val || expr) ? \
> > | (void)0 : __nftnl_assert_fail(attr, __FILE__, __LINE__))
> >
> > Check for 'expr' (which is passed as 'data_len == sizeof(<something>)')
> > will only happen if 'val' is not NULL. Callers then return like so:
> >
> > | return val ? *val : 0;
> >
> > This means that if you pass an unset attribute to the getter, it will
> > simply return 0.
>
> Thanks for explaining, Phil. If the problem is just
> NFTNL_CHAIN_DEVICES and NFTNL_FLOWTABLE_DEVICES, probably this is just
> fine? So zero data-length is reversed for arrays and update
> nftnl_assert() to skip data_len == 0, ie.
>
> > | #define nftnl_assert(val, attr, expr) \
> > | ((!val || data_len == 0 || expr) ? \
> > | (void)0 : __nftnl_assert_fail(attr, __FILE__, __LINE__))
Your proposed patch would allow to call e.g.:
| nftnl_chain_get_u32(c, NFTNL_CHAIN_DEVICES)
This would return (uint32_t)*(&c->dev_array[0]), I highly doubt we
should allow this. Unless I miss something, it is certainly a
programming error if someone calls any of the nftnl_chain_get_{u,s}*
getters on NFTNL_CHAIN_DEVICES attribute. So aborting with error message
in nftnl_assert() is not only OK but actually helpful, no?
Cheers, Phil
next prev parent reply other threads:[~2020-02-15 22:58 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-14 17:24 [libnftnl PATCH] src: Fix nftnl_assert() on data_len Phil Sutter
2020-02-14 17:32 ` Pablo Neira Ayuso
2020-02-14 17:34 ` Phil Sutter
2020-02-14 17:42 ` Pablo Neira Ayuso
2020-02-15 0:43 ` Phil Sutter
2020-02-15 13:17 ` Pablo Neira Ayuso
2020-02-15 22:58 ` Phil Sutter [this message]
2020-02-18 13:42 ` Pablo Neira Ayuso
2020-02-18 18:18 ` Phil Sutter
2020-02-18 21:06 ` Pablo Neira Ayuso
2020-02-18 23:02 ` Phil Sutter
2020-02-19 9:32 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200215225855.GU20005@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).