Re: [PATCH net] net: rtnetlink: fix bugs in rtnl_alt_ifname()

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jiri Pirko <jiri@resnulli.us>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	netdev <netdev@vger.kernel.org>, Jiri Pirko <jiri@mellanox.com>,
	syzbot <syzkaller@googlegroups.com>
Subject: Re: [PATCH net] net: rtnetlink: fix bugs in rtnl_alt_ifname()
Date: Thu, 13 Feb 2020 08:17:01 +0100	[thread overview]
Message-ID: <20200213071701.GE22610@nanopsycho> (raw)
In-Reply-To: <2e122d94-89a1-f2aa-2613-2fc75ff6b4d1@gmail.com>

Thu, Feb 13, 2020 at 07:58:01AM CET, eric.dumazet@gmail.com wrote:
>
>
>On 2/12/20 10:45 PM, Jiri Pirko wrote:
>> Thu, Feb 13, 2020 at 05:58:26AM CET, edumazet@google.com wrote:
>>> Since IFLA_ALT_IFNAME is an NLA_STRING, we have no
>>> guarantee it is nul terminated.
>>>
>>> We should use nla_strdup() instead of kstrdup(), since this
>>> helper will make sure not accessing out-of-bounds data.
>>>
>>> 
>>> Fixes: 36fbf1e52bd3 ("net: rtnetlink: add linkprop commands to add and delete alternative ifnames")
>>> Signed-off-by: Eric Dumazet <edumazet@google.com>
>>> Cc: Jiri Pirko <jiri@mellanox.com>
>>> Reported-by: syzbot <syzkaller@googlegroups.com>
>>> ---
>>> net/core/rtnetlink.c | 26 ++++++++++++--------------
>>> 1 file changed, 12 insertions(+), 14 deletions(-)
>>>
>>> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
>>> index 09c44bf2e1d28842d77b4ed442ef2c051a25ad21..e1152f4ffe33efb0a69f17a1f5940baa04942e5b 100644
>>> --- a/net/core/rtnetlink.c
>>> +++ b/net/core/rtnetlink.c
>>> @@ -3504,27 +3504,25 @@ static int rtnl_alt_ifname(int cmd, struct net_device *dev, struct nlattr *attr,
>>> 	if (err)
>>> 		return err;
>>>
>>> -	alt_ifname = nla_data(attr);
>>> +	alt_ifname = nla_strdup(attr, GFP_KERNEL);
>>> +	if (!alt_ifname)
>>> +		return -ENOMEM;
>>> +
>>> 	if (cmd == RTM_NEWLINKPROP) {
>>> -		alt_ifname = kstrdup(alt_ifname, GFP_KERNEL);
>>> -		if (!alt_ifname)
>>> -			return -ENOMEM;
>>> 		err = netdev_name_node_alt_create(dev, alt_ifname);
>>> -		if (err) {
>>> -			kfree(alt_ifname);
>>> -			return err;
>>> -		}
>>> +		if (!err)
>>> +			alt_ifname = NULL;
>>> 	} else if (cmd == RTM_DELLINKPROP) {
>>> 		err = netdev_name_node_alt_destroy(dev, alt_ifname);
>>> -		if (err)
>>> -			return err;
>>> 	} else {
>> 
>> 
>>> -		WARN_ON(1);
>>> -		return 0;
>>> +		WARN_ON_ONCE(1);
>>> +		err = -EINVAL;
>> 
>> These 4 lines do not seem to be related to the rest of the patch. Should
>> it be a separate patch?
>
>Well, we have to kfree(alt_ifname).
>
>Generally speaking I tried to avoid return in the middle of this function.

Yep, but you also change the return value. So that looked to me like
something for another patch. But as you wish :)


>
>The WARN_ON(1) is dead code today, making it a WARN_ON_ONCE(1) is simply
>a matter of avoiding syslog floods if this path is ever triggered in the future.
>
>> 
>> Otherwise, the patch looks fine to me.
>>
>
>Thanks !
>

Reviewed-by: Jiri Pirko <jiri@mellanox.com>

next prev parent reply	other threads:[~2020-02-13  7:17 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-13  4:58 [PATCH net] net: rtnetlink: fix bugs in rtnl_alt_ifname() Eric Dumazet
2020-02-13  6:45 ` Jiri Pirko
2020-02-13  6:58   ` Eric Dumazet
2020-02-13  7:17     ` Jiri Pirko [this message]
2020-02-14  7:11     ` Eric Dumazet
2020-02-14  8:33       ` Jiri Pirko
2020-02-17  2:53 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200213071701.GE22610@nanopsycho \
    --to=jiri@resnulli.us \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=eric.dumazet@gmail.com \
    --cc=jiri@mellanox.com \
    --cc=netdev@vger.kernel.org \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).