From: Florian Westphal <fw@strlen.de>
To: Roman Kubiak <r.kubiak@samsung.com>
Cc: "Florian Westphal" <fw@strlen.de>,
netfilter-devel@vger.kernel.org,
"Rafał Krypa" <r.krypa@samsung.com>
Subject: Re: [PATCH v2] nfnetlink_queue: add security context information
Date: Tue, 26 May 2015 15:06:23 +0200 [thread overview]
Message-ID: <20150526130623.GD7817@breakpoint.cc> (raw)
In-Reply-To: <55646731.9040803@samsung.com>
Roman Kubiak <r.kubiak@samsung.com> wrote:
> I was wondering, assuming i remove the NULL termination and SMACK sends a piece of data that's not null terminated,
> how, on the userland side, can i find out about that size ?
The size of netlink attribute is stored in netlink header.
For old libnfnetlink based api, see nfq_get_payload() in
libnetfilter_queue.
> Please notice that i send a libnetfilter_queue patch:
> [PATCH] libnetfitler_queue: receive security context info
>
> it uses
> *secdata = (unsigned char *)nfnl_get_pointer_to_data(nfad->data, NFQA_SECCTX, char);
> to get the security context data, but there is no info about the size, where can i find that not to go over bounds and read beyond what i should ?
NFQ_PAYLOAD(nfad->data[NFQA_SECCTX - 1])
For libmnl based api (preferred), you'd use
mnl_nlmsg_get_payload_len(attr[NFQA_SECCTX])
next prev parent reply other threads:[~2015-05-26 13:07 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-25 10:16 [PATCH] Security context information added to netfilter_queue Roman Kubiak
2015-05-25 10:48 ` Florian Westphal
2015-05-25 13:13 ` Pablo Neira Ayuso
2015-05-25 16:09 ` [PATCH v2] nfnetlink_queue: add security context information Roman Kubiak
2015-05-25 20:52 ` Florian Westphal
2015-05-26 12:29 ` Roman Kubiak
2015-05-26 13:06 ` Florian Westphal [this message]
2015-05-27 11:04 ` [PATCH v3] " Roman Kubiak
2015-05-27 11:12 ` Roman Kubiak
2015-05-27 12:49 ` Pablo Neira Ayuso
2015-06-10 15:20 ` Roman Kubiak
2015-06-10 16:05 ` Florian Westphal
2015-06-11 12:56 ` Roman Kubiak
2015-06-11 23:37 ` Florian Westphal
2015-06-12 10:32 ` Roman Kubiak
2015-06-12 10:42 ` Florian Westphal
2015-06-12 13:02 ` [PATCH v3] nfnetlink_queue: add security context informationg Pablo Neira Ayuso
2015-06-16 12:25 ` [PATCH] libmnl: security context retrieval in nf-queue example Roman Kubiak
2015-06-16 12:37 ` Pablo Neira Ayuso
2015-06-16 12:58 ` Roman Kubiak
2015-06-16 15:25 ` Pablo Neira Ayuso
2015-06-16 16:14 ` Roman Kubiak
2015-06-30 15:33 ` Pablo Neira Ayuso
2015-06-18 19:02 ` [PATCH v3] nfnetlink_queue: add security context information Pablo Neira Ayuso
2015-05-27 11:48 ` Florian Westphal
2015-05-28 16:11 ` Roman Kubiak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150526130623.GD7817@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=r.krypa@samsung.com \
--cc=r.kubiak@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).