From: Patrick McHardy <kaber@trash.net>
To: Thomas Graf <tgraf@suug.ch>
Cc: "David S. Miller" <davem@davemloft.net>,
Jamal Hadi Salim <hadi@cyberus.ca>,
netdev@oss.sgi.com
Subject: Re: [PATCH] PKT_SCHED: Fix cls indev validation
Date: Mon, 20 Dec 2004 09:27:27 +0100 [thread overview]
Message-ID: <41C68CEF.3030803@trash.net> (raw)
In-Reply-To: <20041219203050.GK17998@postel.suug.ch>
Thomas Graf wrote:
> Dave,
>
> This patch is actually part of a patchset for 2.6.11 inclusion
> but the memory corruption possibility might make it worth
> for 2.6.10. It's not really dangerous since it requires
> admin capabilities though.
There are lots of places where this is possible, just look
at all the silly checks in the action code:
sprintf(act_name, "%s", (char*)RTA_DATA(kind));
if (RTA_PAYLOAD(kind) >= IFNAMSIZ) {
> Puts the indev validation into its own function to allow
> parameter validation before any changes are made. Changes
> the sanity check from >= IFNAMSIZ to > IFNAMSIZ to correctly
> handle 0 terminated strings and replaces the dangerous sprintf
> with a memcpy bound to the TLV size. Providing a indev TLV
> for kernels without CONFIG_NET_CLS_IND support will now lead
> to EOPPNOTSUPP.
Why special-case indev ? Neither u32 nor fw make any attempt
to clean up after errors in their init functions, so instead
of fixing a single attribute they need to do proper cleanup,
than we can just continue to validate indev when changing it.
Returning EOPNOTSUPP makes sense, of course.
I'm also against keeping all those printks when touching the
code. Its ok when writing new code, but I don't see why this
code, unlike everything else, needs to report errors in the
ringbuffer instead of returning meaningful error codes.
> +static inline void
> +tcf_change_indev(struct tcf_proto *tp, char *indev, struct rtattr *id_tlv)
> +{
> + memset(indev, 0, IFNAMSIZ);
> + memcpy(indev, RTA_DATA(id_tlv), RTA_PAYLOAD(id_tlv));
> + indev[IFNAMSIZ - 1] = '\0';
> +}
And this should just use strlcpy.
Regards
Patrick
next prev parent reply other threads:[~2004-12-20 8:27 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-19 20:30 [PATCH] PKT_SCHED: Fix cls indev validation Thomas Graf
2004-12-20 8:27 ` Patrick McHardy [this message]
2004-12-20 13:03 ` Thomas Graf
2004-12-20 14:16 ` jamal
2004-12-20 20:07 ` Thomas Graf
2004-12-21 10:17 ` Patrick McHardy
2004-12-22 0:31 ` Thomas Graf
2004-12-22 9:36 ` Patrick McHardy
2004-12-22 13:32 ` jamal
2004-12-22 14:26 ` Thomas Graf
2004-12-28 13:27 ` jamal
2004-12-21 0:22 ` Thomas Graf
2004-12-21 0:56 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41C68CEF.3030803@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=hadi@cyberus.ca \
--cc=netdev@oss.sgi.com \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).