diff options
| author | David S. Miller <davem@davemloft.net> | 2019-01-19 10:09:59 -0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-01-19 10:09:59 -0800 |
| commit | e266afa9c7afc51deaaf1e1566a8dfbc6f632b07 (patch) | |
| tree | 706b013a6ff1715d81bd3054721a8ecdaf9aa16d /net/core/net_namespace.c | |
| parent | 133bbb18ab1a2f5549435c5a3126413344ddbcb8 (diff) | |
| parent | 0c4056ee8433487cfcc19621b85586c88ec927c0 (diff) | |
Merge branch 'net-use-strict-checks-in-doit-handlers'
Jakub Kicinski says:
====================
net: use strict checks in doit handlers
This series extends strict argument checking to doit handlers
of the GET* nature. This is a bit tricky since strict checking
flag has already been released..
iproute2 did not have a release with strick checks enabled,
and it will only need a minor one-liner to pass strick checks
after all the work that DaveA has already done.
Big thanks to Dave Ahern for help and guidence.
v2:
- remove unnecessary check in patch 5 (Nicolas);
- add path 7 (DaveA);
- improve messages in patch 8 (DaveA).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core/net_namespace.c')
| -rw-r--r-- | net/core/net_namespace.c | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index b02fb19df2cc..17f36317363d 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -778,6 +778,41 @@ nla_put_failure: return -EMSGSIZE; } +static int rtnl_net_valid_getid_req(struct sk_buff *skb, + const struct nlmsghdr *nlh, + struct nlattr **tb, + struct netlink_ext_ack *extack) +{ + int i, err; + + if (!netlink_strict_get_check(skb)) + return nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX, + rtnl_net_policy, extack); + + err = nlmsg_parse_strict(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX, + rtnl_net_policy, extack); + if (err) + return err; + + for (i = 0; i <= NETNSA_MAX; i++) { + if (!tb[i]) + continue; + + switch (i) { + case NETNSA_PID: + case NETNSA_FD: + case NETNSA_NSID: + case NETNSA_TARGET_NSID: + break; + default: + NL_SET_ERR_MSG(extack, "Unsupported attribute in peer netns getid request"); + return -EINVAL; + } + } + + return 0; +} + static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh, struct netlink_ext_ack *extack) { @@ -793,8 +828,7 @@ static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh, struct sk_buff *msg; int err; - err = nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX, - rtnl_net_policy, extack); + err = rtnl_net_valid_getid_req(skb, nlh, tb, extack); if (err < 0) return err; if (tb[NETNSA_PID]) { |