From: David Miller
Subject: Re: [PATCH net] netlink: Relax attr validation for fixed length types
Date: Tue, 05 Dec 2017 17:58:54 -0500 (EST)
Message-ID: <20171205.175854.1782419625303745570.davem@davemloft.net>
References: <20171205195540.41822-1-dsahern@gmail.com>
In-Reply-To: <20171205195540.41822-1-dsahern@gmail.com>
To: dsahern@gmail.com
Cc: netdev@vger.kernel.org, johannes@sipsolutions.net

From: David Ahern
Date: Tue, 5 Dec 2017 12:55:40 -0700

> Commit 28033ae4e0f5 ("net: netlink: Update attr validation to require
> exact length for some types") requires attributes using types NLA_U* and
> NLA_S* to have an exact length. This change is exposing bugs in various
> userspace commands that are sending attributes with an invalid length
> (e.g., attribute has type NLA_U8 and userspace sends NLA_U32). While
> the commands are clearly broken and need to be fixed, users are arguing
> that the sudden change in enforcement is breaking older commands on
> newer kernels for use cases that otherwise "worked".
>
> Relax the validation to print a warning message similar to what is done
> for messages containing extra bytes after parsing.
>
> Fixes: 28033ae4e0f5 ("net: netlink: Update attr validation to require exact length for some types")
> Signed-off-by: David Ahern

Johannes, please review.

> --- > lib/nlattr.c | 15 +++++++++++---- > 1 file changed, 11 insertions(+), 4 deletions(-) > > diff --git a/lib/nlattr.c b/lib/nlattr.c > index 8bf78b4b78f0..6122662906c8 100644 > --- a/lib/nlattr.c > +++ b/lib/nlattr.c 
> @@ -28,8 +28,16 @@ static const u8 nla_attr_len[NLA_TYPE_MAX+1] = { > }; > > static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = { > + [NLA_U8] = sizeof(u8), > + [NLA_U16] = sizeof(u16), > + [NLA_U32] = sizeof(u32), > + [NLA_U64] = sizeof(u64), > [NLA_MSECS] = sizeof(u64), > [NLA_NESTED] = NLA_HDRLEN, > + [NLA_S8] = sizeof(s8), > + [NLA_S16] = sizeof(s16), > + [NLA_S32] = sizeof(s32), > + [NLA_S64] = sizeof(s64), > }; > > static int validate_nla_bitfield32(const struct nlattr *nla, > @@ -70,10 +78,9 @@ static int validate_nla(const struct nlattr *nla, int maxtype, > BUG_ON(pt->type > NLA_TYPE_MAX); > > /* for data types NLA_U* and NLA_S* require exact length */ > - if (nla_attr_len[pt->type]) { > - if (attrlen != nla_attr_len[pt->type]) > - return -ERANGE; > - return 0; > + if (nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) { > + pr_warn_ratelimited("netlink: '%s': attribute type %d has an invalid length.\n", > + current->comm, type); > } > > switch (pt->type) { > -- > 2.11.0 >
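
Review bot: in the first hunk (nla_attr_minlen), the new NLA_U8..NLA_U64 and NLA_S8..NLA_S64 entries carry the same sizes the exact-length table nla_attr_len is indexed for, and nothing in the table says why both are now needed. Because the second hunk downgrades the exact-length mismatch to a warning and falls through to switch (pt->type), these entries are presumably what still rejects an attribute that is too short for its type; a one-line comment above nla_attr_minlen saying so would keep them from being removed later as redundant. The code that consumes nla_attr_minlen is outside the visible lines, so please confirm that a short attribute (for example a 1-byte payload for NLA_U32) still fails validation after this change.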
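
Review bot: in the validate_nla() hunk, the retained comment "for data types NLA_U* and NLA_S* require exact length" no longer describes the code, which now only warns on a mismatch and continues into the switch instead of returning -ERANGE. Suggest rewording the comment to say that a length mismatch is reported but tolerated, and that over-long attributes are accepted. The pr_warn_ratelimited() message would also be more useful for tracking down the broken userspace command if it printed attrlen and the expected nla_attr_len[pt->type] alongside current->comm and type. Minor style point: the braces around the single pr_warn_ratelimited() statement can be dropped.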