diff options
| author | David S. Miller <davem@davemloft.net> | 2019-05-04 01:27:11 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-05-04 01:27:11 -0400 |
| commit | 8cca3397f6165ee1cbec68fc837839e832e3270a (patch) | |
| tree | f2aad0917c7a2e619bca6eefa82eb6b3355fb537 /lib/nlattr.c | |
| parent | 5eabc27dedd30a738e50a80cdb184b94d2a2ef05 (diff) | |
| parent | b424e432e770d6dd572765459d5b6a96a19c5286 (diff) | |
Merge branch 'netlink-strict-attribute-checking-follow-up'
Michal Kubecek says:
====================
netlink: strict attribute checking follow-up
Three follow-up patches for recent strict netlink validation series.
Patch 1 fixes dump handling for genetlink families which validate and parse
messages themselves (e.g. because they need different policies for diferent
commands).
Patch 2 sets bad_attr in extack in one place where this was omitted.
Patch 3 adds new NL_VALIDATE_NESTED flags for strict validation to enable
checking that NLA_F_NESTED value in received messages matches expectations
and includes this flag in NL_VALIDATE_STRICT. This would change userspace
visible behavior but the previous switching to NL_VALIDATE_STRICT for new
code is still only in net-next at the moment.
v2: change error messages to mention NLA_F_NESTED explicitly
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib/nlattr.c')
| -rw-r--r-- | lib/nlattr.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/lib/nlattr.c b/lib/nlattr.c index 29f6336e2422..cace9b307781 100644 --- a/lib/nlattr.c +++ b/lib/nlattr.c @@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype, } } + if (validate & NL_VALIDATE_NESTED) { + if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) && + !(nla->nla_type & NLA_F_NESTED)) { + NL_SET_ERR_MSG_ATTR(extack, nla, + "NLA_F_NESTED is missing"); + return -EINVAL; + } + if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY && + pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) { + NL_SET_ERR_MSG_ATTR(extack, nla, + "NLA_F_NESTED not expected"); + return -EINVAL; + } + } + switch (pt->type) { case NLA_EXACT_LEN: if (attrlen != pt->len) @@ -356,7 +371,8 @@ static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype, if (type == 0 || type > maxtype) { if (validate & NL_VALIDATE_MAXTYPE) { - NL_SET_ERR_MSG(extack, "Unknown attribute type"); + NL_SET_ERR_MSG_ATTR(extack, nla, + "Unknown attribute type"); return -EINVAL; } continue; |