Re: [PATCH 0/5 net] bridge: Fix missing Netlink message validations

[PATCH 0/5 net] bridge: Fix missing Netlink message validations · Thomas Graf <tgraf@suug.ch> · 2014-11-26
[PATCH 1/5] bridge: Validate IFLA_BRIDGE_FLAGS attribute length · Thomas Graf <tgraf@suug.ch> · 2014-11-26
[PATCH 2/5] net: Validate IFLA_BRIDGE_MODE attribute length · Thomas Graf <tgraf@suug.ch> · 2014-11-26
Re: [PATCH 2/5] net: Validate IFLA_BRIDGE_MODE attribute length · Jeff Kirsher <hidden> · 2014-11-26
Re: [PATCH 2/5] net: Validate IFLA_BRIDGE_MODE attribute length · John Fastabend <john.fastabend@gmail.com> · 2014-11-26
[PATCH 3/5] net: Check for presence of IFLA_AF_SPEC · Thomas Graf <tgraf@suug.ch> · 2014-11-26
Re: [PATCH 3/5] net: Check for presence of IFLA_AF_SPEC · Jeff Kirsher <hidden> · 2014-11-26
[PATCH 4/5] bridge: Add missing policy entry for IFLA_BRPORT_FAST_LEAVE · Thomas Graf <tgraf@suug.ch> · 2014-11-26
[PATCH 5/5] bridge: Sanitize IFLA_EXT_MASK for AF_BRIDGE:RTM_GETLINK · Thomas Graf <tgraf@suug.ch> · 2014-11-26
Re: [PATCH 0/5 net] bridge: Fix missing Netlink message validations · John Fastabend <john.fastabend@gmail.com> · 2014-11-26
Re: [PATCH 0/5 net] bridge: Fix missing Netlink message validations · Thomas Graf <tgraf@suug.ch> · 2014-11-26
Re: [PATCH 0/5 net] bridge: Fix missing Netlink message validations · John Fastabend <john.fastabend@gmail.com> · 2014-11-26
Re: [PATCH 0/5 net] bridge: Fix missing Netlink message validations · Thomas Graf <tgraf@suug.ch> · 2014-11-26
Re: [PATCH 0/5 net] bridge: Fix missing Netlink message validations · John Fastabend <john.fastabend@gmail.com> · 2014-11-29
Re: [PATCH 0/5 net] bridge: Fix missing Netlink message validations · David Miller <davem@davemloft.net> · 2014-11-26

From: John Fastabend <john.fastabend@gmail.com>
Date: 2014-11-29 17:51:56

On 11/26/2014 03:14 PM, Thomas Graf wrote:

On 11/26/14 at 09:25am, John Fastabend wrote:

quoted

--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c

@@ -1687,8 +1687,11 @@ static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla)
                BUG();

        if (tb[IFLA_INET_CONF]) {
-               nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
+               nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
+                       if (nla_len(a) < sizeof(u32))
+                               return -EINVAL;
                        ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
+               }

Looked into this and found a validation function
inet_validate_link_af(). It's split to keep the updates atomic.

Ah great thanks.

-- 
John Fastabend         Intel Corporation

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help