From: roopa <roopa@cumulusnetworks.com>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: davem@davemloft.net, netdev@vger.kernel.org,
Scott Feldman <sfeldma@gmail.com>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Subject: Re: [PATCH net] rtnetlink: reject non-IFLA_VF_PORT attributes inside IFLA_VF_PORTS
Date: Tue, 14 Jul 2015 07:49:24 -0700 [thread overview]
Message-ID: <55A52174.1040600@cumulusnetworks.com> (raw)
In-Reply-To: <b6917238569c4f53d4516b71b8206e8d02e2ac21.1436736717.git.daniel@iogearbox.net>
On 7/12/15, 3:06 PM, Daniel Borkmann wrote:
> Similarly as in commit 4f7d2cdfdde7 ("rtnetlink: verify IFLA_VF_INFO
> attributes before passing them to driver"), we have a double nesting
> of netlink attributes, i.e. IFLA_VF_PORTS only contains IFLA_VF_PORT
> that is nested itself. While IFLA_VF_PORTS is a verified attribute
> from ifla_policy[], we only check if the IFLA_VF_PORTS container has
> IFLA_VF_PORT attributes and then pass the attribute's content itself
> via nla_parse_nested(). It would be more correct to reject inner types
> other than IFLA_VF_PORT instead of continuing parsing and also similarly
> as in commit 4f7d2cdfdde7, to check for a minimum of NLA_HDRLEN.
>
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Roopa Prabhu <roopa@cumulusnetworks.com>
> Cc: Scott Feldman <sfeldma@gmail.com>
> Cc: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
next prev parent reply other threads:[~2015-07-14 14:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-12 22:06 [PATCH net] rtnetlink: reject non-IFLA_VF_PORT attributes inside IFLA_VF_PORTS Daniel Borkmann
2015-07-14 14:49 ` roopa [this message]
2015-07-15 22:54 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55A52174.1040600@cumulusnetworks.com \
--to=roopa@cumulusnetworks.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=jgunthorpe@obsidianresearch.com \
--cc=netdev@vger.kernel.org \
--cc=sfeldma@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.