From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [nft PATCH] erec: Sanitize erec location indesc
Date: Tue, 9 Feb 2021 15:11:51 +0100 [thread overview]
Message-ID: <20210209141151.GO3158@orbyte.nwl.cc> (raw)
In-Reply-To: <20210209131511.GA27807@salvia>
Hi Pablo,
On Tue, Feb 09, 2021 at 02:15:11PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Feb 03, 2021 at 11:45:07AM +0100, Phil Sutter wrote:
> > On Wed, Feb 03, 2021 at 01:38:32AM +0100, Pablo Neira Ayuso wrote:
> > > On Tue, Jan 26, 2021 at 06:55:02PM +0100, Phil Sutter wrote:
> > > > erec_print() unconditionally dereferences erec->locations->indesc, so
> > > > make sure it is valid when either creating an erec or adding a location.
> > >
> > > I guess your're trigger a bug where erec is indesc is NULL, thing is
> > > that indesc should be always set on. Is there a reproducer for this bug?
> >
> > Yes, exactly. I hit it when trying to clean up the netdev family reject
> > support, while just "hacking around". You can trigger it with the
> > following change:
> >
> > | --- a/src/evaluate.c
> > | +++ b/src/evaluate.c
> > | @@ -2718,7 +2718,7 @@ static int stmt_evaluate_reject_bridge(struct eval_ctx *ctx, struct stmt *stmt,
> > | const struct proto_desc *desc;
> > |
> > | desc = ctx->pctx.protocol[PROTO_BASE_LL_HDR].desc;
> > | - if (desc != &proto_eth && desc != &proto_vlan && desc != &proto_netdev)
> > | + if (desc != &proto_eth && desc != &proto_vlan)
> > | return stmt_binary_error(ctx,
> > | &ctx->pctx.protocol[PROTO_BASE_LL_HDR],
> > | stmt, "unsupported link layer protocol");
>
> I'm attaching fix.
>
> Looks like call to stmt_binary_error() parameters are not in the right
> order, &ctx->pctx.protocol[PROTO_BASE_LL_HDR] has indesc.
Thanks for addressing the root problem!
> Probably add a bugtrap to erec to check that indesc is always set on
> accordingly instead?
Is it better than just sanitizing input to error functions? After all we
just want to make sure users see the error message, right? Catching
the programming mistake (wrong args passed to __stmt_binary_error())
IMHO is useful only if we can compile-time assert it. Otherwise we risk
hiding error info from user.
Cheers, Phil
next prev parent reply other threads:[~2021-02-09 14:12 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-26 17:55 [nft PATCH] erec: Sanitize erec location indesc Phil Sutter
2021-02-03 0:38 ` Pablo Neira Ayuso
2021-02-03 10:45 ` Phil Sutter
2021-02-09 13:15 ` Pablo Neira Ayuso
2021-02-09 13:22 ` Pablo Neira Ayuso
2021-02-09 14:11 ` Phil Sutter [this message]
2021-02-09 15:50 ` Pablo Neira Ayuso
2021-02-09 15:53 ` Pablo Neira Ayuso
2021-02-09 15:54 ` Pablo Neira Ayuso
2021-02-09 16:01 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210209141151.GO3158@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).