Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7189514yba; Thu, 2 May 2019 05:57:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqynl3Sq7eSnwDA5k75jwmUmKb6MRPdotELnw4FwjAsMvpUvLOnpBZfaUc5mEME6JvhVFUaO X-Received: by 2002:a17:902:b589:: with SMTP id a9mr3702760pls.66.1556801866233; Thu, 02 May 2019 05:57:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556801866; cv=none; d=google.com; s=arc-20160816; b=XUUyLFGoBBSER2vGHHL6lF8VTyPDVQ9hKYHoqFYyQqKZrHynB5qFUJUfDflpbKX9zm +cn+MSG1Gziu2aIbXc6MwNrhoiSYCKDIrbYhjKbXcmo+9mPhvTLKSxVmD9LMY+teFWxd EPxRZteznWieSj/693ecVQ1YL9r72qswVq4fP7ltT7HTRodtSD+RuCDEDqazpIZ471vS 4EdkCfUeh5R+oSKWVDZwgTIrf3JY4lWMAnbc0IDgnq9O+A7hV8AC5nvJ1WpUou/KasAt TbuFFxIQdKSU/lveyeM/7f+l5IJ4rqaVaK2uVed823oC8/neVK4PWGKo6OblY5cz3GAZ 4w8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=1somavQUBBoTSyKtsjjDgtoKoMn1jgZSIVEV9spDsQ8=; b=HuhEOHy6hDf8Wq0iUYR0d81jdkrBzJropZaxdlCCqWNP/ZhsDV6wvOePTa3rWt0E5s 8uN8yxy5l7hjnidrZ1xg3aBReptMg7ArPT2mHSZNAWx0lBCV0Ofi1L3qiDFETzzdlNRt +seluYscKEIMz3MvQ/Fz8sfNVsIl1/kWeo6cqk7KZe2zntRQl+6xuuF2uqpr21U8EjZi mTzCmiGXwnBx90pQpKa+bkhl6AQsOpBzSJwC4eXHSHrBf8XtK4bLYw2PxoDLahHx2sZj T5T2k5Ul3baRC2aE3R+n6P1tDUKVpUkohHt12lW65qvBywleOUhv231YaqspE4ih6Oo5 KDZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 70si44556538pla.82.2019.05.02.05.57.31; Thu, 02 May 2019 05:57:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726472AbfEBMzC (ORCPT + 99 others); Thu, 2 May 2019 08:55:02 -0400 Received: from s3.sipsolutions.net ([144.76.43.62]:55590 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726282AbfEBMzC (ORCPT ); Thu, 2 May 2019 08:55:02 -0400 Received: by sipsolutions.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1hMBEn-000103-Sz; Thu, 02 May 2019 14:54:58 +0200 Message-ID: <3e8291cb2491e9a1830afdb903ed2c52e9f7475c.camel@sipsolutions.net> Subject: Re: [PATCH net-next 3/3] netlink: add validation of NLA_F_NESTED flag From: Johannes Berg To: Michal Kubecek , "David S. Miller" Cc: "netdev@vger.kernel.org" , David Ahern , "linux-kernel@vger.kernel.org" Date: Thu, 02 May 2019 14:54:56 +0200 In-Reply-To: <75a0887b3eb70005c272685d8ef9a712f37d7a54.1556798793.git.mkubecek@suse.cz> References: <75a0887b3eb70005c272685d8ef9a712f37d7a54.1556798793.git.mkubecek@suse.cz> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5 (3.28.5-2.fc28) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2019-05-02 at 12:48 +0000, Michal Kubecek wrote: > Add new validation flag NL_VALIDATE_NESTED which adds three consistency > checks of NLA_F_NESTED_FLAG: > > - the flag is set on attributes with NLA_NESTED{,_ARRAY} policy > - the flag is not set on attributes with other policies except NLA_UNSPEC > - the flag is set on attribute passed to nla_parse_nested() Looks good to me! > @@ -415,7 +418,8 @@ enum netlink_validation { > #define NL_VALIDATE_STRICT (NL_VALIDATE_TRAILING |\ > NL_VALIDATE_MAXTYPE |\ > NL_VALIDATE_UNSPEC |\ > - NL_VALIDATE_STRICT_ATTRS) > + NL_VALIDATE_STRICT_ATTRS |\ > + NL_VALIDATE_NESTED) This is fine _right now_, but in general we cannot keep adding here after the next release :-) > int netlink_rcv_skb(struct sk_buff *skb, > int (*cb)(struct sk_buff *, struct nlmsghdr *, > @@ -1132,6 +1136,10 @@ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype, > const struct nla_policy *policy, > struct netlink_ext_ack *extack) > { > + if (!(nla->nla_type & NLA_F_NESTED)) { > + NL_SET_ERR_MSG_ATTR(extack, nla, "nested attribute expected"); Maybe reword that to say "NLA_F_NESTED is missing" or so? The "nested attribute expected" could result in a lot of headscratching (without looking at the code) because it looks nested if you do nla_nest_start() etc. > + return -EINVAL; > + } > return __nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy, > NL_VALIDATE_STRICT, extack); I'd probably put a blank line there but ymmv. > } > diff --git a/lib/nlattr.c b/lib/nlattr.c > index adc919b32bf9..92da65cb6637 100644 > --- a/lib/nlattr.c > +++ b/lib/nlattr.c > @@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype, > } > } > > + if (validate & NL_VALIDATE_NESTED) { > + if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) && > + !(nla->nla_type & NLA_F_NESTED)) { > + NL_SET_ERR_MSG_ATTR(extack, nla, > + "nested attribute expected"); > + return -EINVAL; > + } > + if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY && > + pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) { > + NL_SET_ERR_MSG_ATTR(extack, nla, > + "nested attribute not expected"); > + return -EINVAL; Same comment here wrt. the messages, I think they should more explicitly refer to the flag. johannes (PS: if you CC me on this address I generally can respond quicker)