From: Patrick McHardy <kaber@trash.net>
To: Thomas Graf <tgraf@suug.ch>
Cc: Linux Netdev List <netdev@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
lartc@mailman.ds9a.nl
Subject: [LARTC] Re: [NET]: Fix fib_rules compatibility breakage
Date: Tue, 20 Mar 2007 19:58:55 +0000 [thread overview]
Message-ID: <46003CFF.8050109@trash.net> (raw)
In-Reply-To: <20070320181547.GO521@postel.suug.ch>
Thomas Graf wrote:
> * Patrick McHardy <kaber@trash.net> 2007-03-20 17:59
>
>>The presence of the attributes when src_len/dst_len is non-zero
>>is only verified in fib_newrule, so this looks like it might crash
>>when something broken sets src_len/dst_len to a non-zero value
>>without actually adding the attributes.
>
>
> You're right, we need to validate in fib_nl_delrule() as well.
>
> Based on Patrick's patch:
> The fib_rules netlink attribute policy introduced in 2.6.19 broke
> userspace compatibilty. When specifying a rule with "from all"
> or "to all", iproute adds a zero byte long netlink attribute,
> but the policy requires all addresses to have a size equal to
> sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
> validation error.
>
> Check attribute length of FRA_SRC/FRA_DST in the generic framework
> by letting the family specific rules implementation provide the
> length of an address. Report an error if address length is non
> zero but no address attribute is provided. Fix actual bug by
> checking address length for non-zero instead of relying on
> availability of attribute.
>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
This looks good, thanks.
Signed-off-by: Patrick McHardy <kaber@trash.net>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
WARNING: multiple messages have this Message-ID (diff)
From: Patrick McHardy <kaber@trash.net>
To: Thomas Graf <tgraf@suug.ch>
Cc: Linux Netdev List <netdev@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
lartc@mailman.ds9a.nl
Subject: Re: [NET]: Fix fib_rules compatibility breakage
Date: Tue, 20 Mar 2007 20:58:55 +0100 [thread overview]
Message-ID: <46003CFF.8050109@trash.net> (raw)
In-Reply-To: <20070320181547.GO521@postel.suug.ch>
Thomas Graf wrote:
> * Patrick McHardy <kaber@trash.net> 2007-03-20 17:59
>
>>The presence of the attributes when src_len/dst_len is non-zero
>>is only verified in fib_newrule, so this looks like it might crash
>>when something broken sets src_len/dst_len to a non-zero value
>>without actually adding the attributes.
>
>
> You're right, we need to validate in fib_nl_delrule() as well.
>
> Based on Patrick's patch:
> The fib_rules netlink attribute policy introduced in 2.6.19 broke
> userspace compatibilty. When specifying a rule with "from all"
> or "to all", iproute adds a zero byte long netlink attribute,
> but the policy requires all addresses to have a size equal to
> sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
> validation error.
>
> Check attribute length of FRA_SRC/FRA_DST in the generic framework
> by letting the family specific rules implementation provide the
> length of an address. Report an error if address length is non
> zero but no address attribute is provided. Fix actual bug by
> checking address length for non-zero instead of relying on
> availability of attribute.
>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
This looks good, thanks.
Signed-off-by: Patrick McHardy <kaber@trash.net>
next prev parent reply other threads:[~2007-03-20 19:58 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-19 3:46 [LARTC] [BUG?] ip ru flush && RTNETLINK answers: Numerical result Luciano Ruete
2007-03-19 5:54 ` Patrick McHardy
2007-03-19 5:54 ` [LARTC] [BUG?] ip ru flush && RTNETLINK answers: Numerical result out of range Patrick McHardy
2007-03-19 15:25 ` [LARTC] [BUG?] ip ru flush && RTNETLINK answers: Numerical result Thomas Graf
2007-03-19 15:25 ` [LARTC] [BUG?] ip ru flush && RTNETLINK answers: Numerical result out of range Thomas Graf
2007-03-20 6:19 ` [LARTC] [BUG?] ip ru flush && RTNETLINK answers: Numerical result Patrick McHardy
2007-03-20 6:19 ` [BUG?] ip ru flush && RTNETLINK answers: Numerical result out of range Patrick McHardy
2007-03-20 6:42 ` [LARTC] [BUG?] ip ru flush && RTNETLINK answers: Numerical result Patrick McHardy
2007-03-20 6:42 ` [LARTC] [BUG?] ip ru flush && RTNETLINK answers: Numerical result out of range Patrick McHardy
2007-03-20 16:40 ` [LARTC] [NET]: Fix fib_rules compatibility breakage Thomas Graf
2007-03-20 16:40 ` Thomas Graf
2007-03-20 16:59 ` [LARTC] " Patrick McHardy
2007-03-20 16:59 ` Patrick McHardy
2007-03-20 18:15 ` [LARTC] " Thomas Graf
2007-03-20 18:15 ` Thomas Graf
2007-03-20 19:58 ` Patrick McHardy [this message]
2007-03-20 19:58 ` Patrick McHardy
2007-03-24 19:48 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46003CFF.8050109@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=lartc@mailman.ds9a.nl \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.