All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH iproute2] ip: xfrm: add NUL character to security context name before printing
@ 2021-02-16 16:50 Sabrina Dubroca
  2021-03-08 11:30 ` Sabrina Dubroca
  2021-03-08 17:18 ` Stephen Hemminger
  0 siblings, 2 replies; 4+ messages in thread
From: Sabrina Dubroca @ 2021-02-16 16:50 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, Sabrina Dubroca, Paul Wouters

Security context names are not guaranteed to be NUL-terminated by the
kernel, so we can't just print them using %s directly. The length of
the string is capped by the size of the netlink attribute (u16), so it
will always fit within 65535 bytes.

While at it, factor that out to a separate function, since the exact
same code is used to print the security context for both policies and
states.

Fixes: b2bb289a57fe ("xfrm security context support")
Reported-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
 ip/ipxfrm.c | 46 ++++++++++++++++++++--------------------------
 1 file changed, 20 insertions(+), 26 deletions(-)

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index e4a72bd06778..3fc0e13ef112 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -916,6 +916,22 @@ static int xfrm_selector_iszero(struct xfrm_selector *s)
 	return (memcmp(&s0, s, sizeof(s0)) == 0);
 }
 
+static void xfrm_sec_ctx_print(FILE *fp, struct rtattr *attr)
+{
+	struct xfrm_user_sec_ctx *sctx;
+	char buf[65536] = {};
+
+	fprintf(fp, "\tsecurity context ");
+
+	if (RTA_PAYLOAD(attr) < sizeof(*sctx))
+		fprintf(fp, "(ERROR truncated)");
+
+	sctx = RTA_DATA(attr);
+
+	memcpy(buf, (char *)(sctx + 1), sctx->ctx_len);
+	fprintf(fp, "%s %s", buf, _SL_);
+}
+
 void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
 			    struct rtattr *tb[], FILE *fp, const char *prefix,
 			    const char *title, bool nokeys)
@@ -983,19 +999,8 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
 		xfrm_stats_print(&xsinfo->stats, fp, buf);
 	}
 
-	if (tb[XFRMA_SEC_CTX]) {
-		struct xfrm_user_sec_ctx *sctx;
-
-		fprintf(fp, "\tsecurity context ");
-
-		if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
-			fprintf(fp, "(ERROR truncated)");
-
-		sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
-
-		fprintf(fp, "%s %s", (char *)(sctx + 1), _SL_);
-	}
-
+	if (tb[XFRMA_SEC_CTX])
+		xfrm_sec_ctx_print(fp, tb[XFRMA_SEC_CTX]);
 }
 
 void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
@@ -1006,19 +1011,8 @@ void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
 
 	xfrm_selector_print(&xpinfo->sel, preferred_family, fp, title);
 
-	if (tb[XFRMA_SEC_CTX]) {
-		struct xfrm_user_sec_ctx *sctx;
-
-		fprintf(fp, "\tsecurity context ");
-
-		if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
-			fprintf(fp, "(ERROR truncated)");
-
-		sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
-
-		fprintf(fp, "%s ", (char *)(sctx + 1));
-		fprintf(fp, "%s", _SL_);
-	}
+	if (tb[XFRMA_SEC_CTX])
+		xfrm_sec_ctx_print(fp, tb[XFRMA_SEC_CTX]);
 
 	if (prefix)
 		strlcat(buf, prefix, sizeof(buf));
-- 
2.30.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-09 15:45 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-02-16 16:50 [PATCH iproute2] ip: xfrm: add NUL character to security context name before printing Sabrina Dubroca
2021-03-08 11:30 ` Sabrina Dubroca
2021-03-08 17:18 ` Stephen Hemminger
2021-03-09 15:44   ` [PATCH iproute2 v2] ip: xfrm: limit the length of the security context name when printing Sabrina Dubroca

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.