From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, George Shuklin, David Ahern, Jakub Kicinski, Sasha Levin
Subject: [PATCH 5.10 062/171] net: limit altnames to 64k total
Date: Tue, 12 Apr 2022 08:29:13 +0200
Message-Id: <20220412062929.678145059@linuxfoundation.org>

From: Jakub Kicinski

[ Upstream commit 155fb43b70b5fce341347a77d1af2765d1e8fbb8 ]

Property list (altname is a link "property") is wrapped in a nlattr. nlattrs length is 16bit so practically speaking the list of properties can't be longer than that, otherwise user space would have to interpret broken netlink messages.

Prevent the problem from occurring by checking the length of the property list before adding new entries.

Reported-by: George Shuklin
Reviewed-by: David Ahern
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin
--- net/core/rtnetlink.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 77b3d9cc08a1..873081cda950 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c
@@ -3626,12 +3626,23 @@ static int rtnl_alt_ifname(int cmd, struct net_device *dev, struct nlattr *attr, bool *changed, struct netlink_ext_ack *extack) { char *alt_ifname; + size_t size; int err; err = nla_validate(attr, attr->nla_len, IFLA_MAX, ifla_policy, extack); if (err) return err; + if (cmd == RTM_NEWLINKPROP) { + size = rtnl_prop_list_size(dev); + size += nla_total_size(ALTIFNAMSIZ); + if (size >= U16_MAX) { + NL_SET_ERR_MSG(extack, + "effective property list too long"); + return -EINVAL; + } + } + alt_ifname = nla_strdup(attr, GFP_KERNEL_ACCOUNT); if (!alt_ifname) return -ENOMEM; -- 2.35.1
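
Review bot: the new check in rtnl_alt_ifname() budgets nla_total_size(ALTIFNAMSIZ) for the incoming name rather than the length of attr, and compares with >= U16_MAX, so the limit is a worst-case bound and not the exact size of the property list that would be emitted. If that is deliberate, a short comment above the if (cmd == RTM_NEWLINKPROP) block saying so would stop a later reader from "tightening" it to the real string length. Two smaller points in the same block: returning -EINVAL makes this rejection indistinguishable by errno from a policy failure out of nla_validate() a few lines above, so callers have to rely on the extack text, and the message "effective property list too long" could name the limit. The placement before nla_strdup() is right, since the early return then has nothing to free.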
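
The arithmetic behind the commit message's 16-bit argument, as an added userspace model (not kernel code and not part of the patch). It assumes ALTIFNAMSIZ is 128 and that every list entry is accounted at its worst-case size inside one nest header; `prop_list_size`, `may_add_altname`, `nest_len_field` and `max_altnames` are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NLA_HDRLEN  4u    /* u16 nla_len + u16 nla_type */
#define ALTIFNAMSIZ 128u  /* assumption: value from the kernel uapi headers */
#define U16_MAX     0xffffu

/* Attribute header plus payload, padded to a 4-byte boundary. */
static size_t nla_total_size(size_t payload)
{
	return (NLA_HDRLEN + payload + 3u) & ~(size_t)3u;
}

/* Hypothetical model of the property list size: one nest header plus a
 * worst-case sized attribute per altname (assumption, see lead-in). */
static size_t prop_list_size(unsigned int n_altnames)
{
	if (n_altnames == 0)
		return 0;
	return nla_total_size(0) + n_altnames * nla_total_size(ALTIFNAMSIZ);
}

/* Same comparison as the check the patch adds for RTM_NEWLINKPROP. */
static int may_add_altname(unsigned int n_existing)
{
	size_t size = prop_list_size(n_existing) + nla_total_size(ALTIFNAMSIZ);

	return size >= U16_MAX ? -EINVAL : 0;
}

/* What a 16-bit nla_len field would hold for a list of this many names. */
static uint16_t nest_len_field(unsigned int n_altnames)
{
	return (uint16_t)prop_list_size(n_altnames);
}

/* Largest list the guard lets a device accumulate in this model. */
static unsigned int max_altnames(void)
{
	unsigned int n = 0;

	while (may_add_altname(n) == 0)
		n++;
	return n;
}

int main(void)
{
	unsigned int n = max_altnames();

	printf("guarded max: %u names, %zu bytes\n", n, prop_list_size(n));
	printf("unguarded %u names: %zu bytes, nla_len reads %u\n",
	       n + 1, prop_list_size(n + 1), (unsigned)nest_len_field(n + 1));
	return 0;
}
```

One entry past the guarded maximum, the true size no longer fits in `nla_len`, and the truncated value is what a userspace parser would use to find the end of the list.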