On 10/8/18 4:54 AM, Christian Brauner wrote:

On Sun, Oct 07, 2018 at 08:16:38PM -0700, David Ahern wrote:

quoted

From: David Ahern <redacted>

Update rtnl_net_dumpid for strict data checking. If the flag is set,
the dump request is expected to have an rtgenmsg struct as the header
which has the family as the only element. No data may be appended.

Signed-off-by: David Ahern <redacted>
---
 net/core/net_namespace.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 670c84b1bfc2..fefe72774aeb 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c

@@ -853,6 +853,12 @@ static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb)
 		.s_idx = cb->args[0],
 	};
 
+	if (cb->strict_check &&

Hm, shouldn't this also verify that the passed header is indeed struct
rtgenmsg before checking whether there are any attributes?

rtgenmsg is only a struct with only the family as an element.
rtnetlink_rcv_msg has already verified that the nl msg header contains
at least the rtgenmsg struct.

quoted

+	    nlmsg_attrlen(cb->nlh, sizeof(struct rtgenmsg))) {
+			NL_SET_ERR_MSG(cb->extack, "Unknown data in network namespace id dump request");
+			return -EINVAL;
+	}
+
 	spin_lock_bh(&net->nsid_lock);
 	idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb);
 	spin_unlock_bh(&net->nsid_lock);
-- 
2.11.0