From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Laura Garcia Liebana <nevola@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v2] netfilter: nf_tables: Check for overflow of u8 fields from u32 netlink attributes
Date: Wed, 17 Aug 2016 17:53:59 +0200 [thread overview]
Message-ID: <20160817155359.GA16128@salvia> (raw)
In-Reply-To: <20160814145933.GA22849@sonyv>
On Sun, Aug 14, 2016 at 04:59:36PM +0200, Laura Garcia Liebana wrote:
> diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c
> index e25b35d..ca247e5 100644
> --- a/net/netfilter/nft_cmp.c
> +++ b/net/netfilter/nft_cmp.c
> @@ -84,8 +84,11 @@ static int nft_cmp_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
> if (err < 0)
> return err;
>
> - priv->op = ntohl(nla_get_be32(tb[NFTA_CMP_OP]));
> + if (desc.len > U8_MAX)
> + return -EINVAL;
I suggest we use return -ERANGE instead of -EINVAL.
> priv->len = desc.len;
> + priv->op = ntohl(nla_get_be32(tb[NFTA_CMP_OP]));
Hm, I just noticed this priv->op is not validated either?
If so, we should add NFT_CMP_MAX to enum nft_cmp_ops and check if this
is:
if (priv->op >= NFT_CMP_MAX)
return -ERANGE;
You can send this in a follow up patch given that this doesn't match
the description, or you rework the title and description to make this
all fit in one logical change.
> diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
> index db3b746..6de590c 100644
> --- a/net/netfilter/nft_immediate.c
> +++ b/net/netfilter/nft_immediate.c
> @@ -53,6 +53,9 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
> tb[NFTA_IMMEDIATE_DATA]);
> if (err < 0)
> return err;
> +
> + if (desc.len > U8_MAX)
> + return -EINVAL;
> priv->dlen = desc.len;
>
> priv->dreg = nft_parse_register(tb[NFTA_IMMEDIATE_DREG]);
> diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
> index ee2d717..74f8293 100644
> --- a/net/netfilter/nft_nat.c
> +++ b/net/netfilter/nft_nat.c
> @@ -148,6 +148,8 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
> family = ntohl(nla_get_be32(tb[NFTA_NAT_FAMILY]));
> if (family != ctx->afi->family)
> return -EOPNOTSUPP;
> + if (family > U8_MAX)
> + return -EINVAL;
I think we don't need this, because we check later on:
switch (family) {
case NFPROTO_IPV4:
...
case NFPROTO_IPV6:
...
default:
return -EAFNOSUPPORT;
}
So this check is superfluous, you can remove it.
prev parent reply other threads:[~2016-08-17 16:05 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-14 14:59 [PATCH v2] netfilter: nf_tables: Check for overflow of u8 fields from u32 netlink attributes Laura Garcia Liebana
2016-08-17 15:53 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160817155359.GA16128@salvia \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nevola@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.