diff options
| author | David S. Miller <davem@davemloft.net> | 2019-05-04 01:27:11 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-05-04 01:27:11 -0400 |
| commit | 8cca3397f6165ee1cbec68fc837839e832e3270a (patch) | |
| tree | f2aad0917c7a2e619bca6eefa82eb6b3355fb537 /include | |
| parent | 5eabc27dedd30a738e50a80cdb184b94d2a2ef05 (diff) | |
| parent | b424e432e770d6dd572765459d5b6a96a19c5286 (diff) | |
Merge branch 'netlink-strict-attribute-checking-follow-up'
Michal Kubecek says:
====================
netlink: strict attribute checking follow-up
Three follow-up patches for recent strict netlink validation series.
Patch 1 fixes dump handling for genetlink families which validate and parse
messages themselves (e.g. because they need different policies for diferent
commands).
Patch 2 sets bad_attr in extack in one place where this was omitted.
Patch 3 adds new NL_VALIDATE_NESTED flags for strict validation to enable
checking that NLA_F_NESTED value in received messages matches expectations
and includes this flag in NL_VALIDATE_STRICT. This would change userspace
visible behavior but the previous switching to NL_VALIDATE_STRICT for new
code is still only in net-next at the moment.
v2: change error messages to mention NLA_F_NESTED explicitly
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netlink.h | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/include/net/netlink.h b/include/net/netlink.h index 679f649748d4..395b4406f4b0 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -401,6 +401,8 @@ struct nl_info { * are enforced going forward. * @NL_VALIDATE_STRICT_ATTRS: strict attribute policy parsing (e.g. * U8, U16, U32 must have exact size, etc.) + * @NL_VALIDATE_NESTED: Check that NLA_F_NESTED is set for NLA_NESTED(_ARRAY) + * and unset for other policies. */ enum netlink_validation { NL_VALIDATE_LIBERAL = 0, @@ -408,6 +410,7 @@ enum netlink_validation { NL_VALIDATE_MAXTYPE = BIT(1), NL_VALIDATE_UNSPEC = BIT(2), NL_VALIDATE_STRICT_ATTRS = BIT(3), + NL_VALIDATE_NESTED = BIT(4), }; #define NL_VALIDATE_DEPRECATED_STRICT (NL_VALIDATE_TRAILING |\ @@ -415,7 +418,8 @@ enum netlink_validation { #define NL_VALIDATE_STRICT (NL_VALIDATE_TRAILING |\ NL_VALIDATE_MAXTYPE |\ NL_VALIDATE_UNSPEC |\ - NL_VALIDATE_STRICT_ATTRS) + NL_VALIDATE_STRICT_ATTRS |\ + NL_VALIDATE_NESTED) int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *, struct nlmsghdr *, @@ -1132,6 +1136,11 @@ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype, const struct nla_policy *policy, struct netlink_ext_ack *extack) { + if (!(nla->nla_type & NLA_F_NESTED)) { + NL_SET_ERR_MSG_ATTR(extack, nla, "NLA_F_NESTED is missing"); + return -EINVAL; + } + return __nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy, NL_VALIDATE_STRICT, extack); } |