[PATCH net-next 3/3] netlink: add validation of NLA_F_NESTED flag

From: Michal Kubecek
Date: Thu May 02 2019 - 08:48:42 EST

Next message: Johannes Berg: "Re: [PATCH net-next 1/3] genetlink: do not validate dump requests if there is no policy"
Previous message: Michal Kubecek: "[PATCH net-next 0/3] netlink: strict attribute checking follow-up"
In reply to: David Ahern: "Re: [PATCH net-next 2/3] netlink: set bad attribute also on maxtype check"
Next in thread: Johannes Berg: "Re: [PATCH net-next 3/3] netlink: add validation of NLA_F_NESTED flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Add new validation flag NL_VALIDATE_NESTED which adds three consistency
checks of NLA_F_NESTED_FLAG:

- the flag is set on attributes with NLA_NESTED{,_ARRAY} policy
- the flag is not set on attributes with other policies except NLA_UNSPEC
- the flag is set on attribute passed to nla_parse_nested()

Signed-off-by: Michal Kubecek <mkubecek@xxxxxxx>
---
include/net/netlink.h | 10 +++++++++-
lib/nlattr.c | 15 +++++++++++++++
2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/include/net/netlink.h b/include/net/netlink.h
index 679f649748d4..55f68e00fb6e 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -401,6 +401,8 @@ struct nl_info {
* are enforced going forward.
* @NL_VALIDATE_STRICT_ATTRS: strict attribute policy parsing (e.g.
* U8, U16, U32 must have exact size, etc.)
+ * @NL_VALIDATE_NESTED: Check that NLA_F_NESTED is set for NLA_NESTED(_ARRAY)
+ * and unset for other policies.
*/
enum netlink_validation {
NL_VALIDATE_LIBERAL = 0,
@@ -408,6 +410,7 @@ enum netlink_validation {
NL_VALIDATE_MAXTYPE = BIT(1),
NL_VALIDATE_UNSPEC = BIT(2),
NL_VALIDATE_STRICT_ATTRS = BIT(3),
+ NL_VALIDATE_NESTED = BIT(4),
};

#define NL_VALIDATE_DEPRECATED_STRICT (NL_VALIDATE_TRAILING |\
@@ -415,7 +418,8 @@ enum netlink_validation {
#define NL_VALIDATE_STRICT (NL_VALIDATE_TRAILING |\
NL_VALIDATE_MAXTYPE |\
NL_VALIDATE_UNSPEC |\
- NL_VALIDATE_STRICT_ATTRS)
+ NL_VALIDATE_STRICT_ATTRS |\
+ NL_VALIDATE_NESTED)

int netlink_rcv_skb(struct sk_buff *skb,
int (*cb)(struct sk_buff *, struct nlmsghdr *,
@@ -1132,6 +1136,10 @@ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype,
const struct nla_policy *policy,
struct netlink_ext_ack *extack)
{
+ if (!(nla->nla_type & NLA_F_NESTED)) {
+ NL_SET_ERR_MSG_ATTR(extack, nla, "nested attribute expected");
+ return -EINVAL;
+ }
return __nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy,
NL_VALIDATE_STRICT, extack);
}
diff --git a/lib/nlattr.c b/lib/nlattr.c
index adc919b32bf9..92da65cb6637 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype,
}
}

+ if (validate & NL_VALIDATE_NESTED) {
+ if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
+ !(nla->nla_type & NLA_F_NESTED)) {
+ NL_SET_ERR_MSG_ATTR(extack, nla,
+ "nested attribute expected");
+ return -EINVAL;
+ }
+ if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
+ pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
+ NL_SET_ERR_MSG_ATTR(extack, nla,
+ "nested attribute not expected");
+ return -EINVAL;
+ }
+ }
+
switch (pt->type) {
case NLA_EXACT_LEN:
if (attrlen != pt->len)
--
2.21.0

Next message: Johannes Berg: "Re: [PATCH net-next 1/3] genetlink: do not validate dump requests if there is no policy"
Previous message: Michal Kubecek: "[PATCH net-next 0/3] netlink: strict attribute checking follow-up"
In reply to: David Ahern: "Re: [PATCH net-next 2/3] netlink: set bad attribute also on maxtype check"
Next in thread: Johannes Berg: "Re: [PATCH net-next 3/3] netlink: add validation of NLA_F_NESTED flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]