Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()

From: Jakub Kicinski
Date: Thu Sep 01 2022 - 15:49:25 EST

Next message: Andrew Morton: "Re: [PATCH v3] mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page"
Previous message: Andy Shevchenko: "Re: [PATCH v3 18/19] hwmon: (mr75203) add debugfs to read and write temperature coefficients"
In reply to: Kees Cook: "Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()"
Next in thread: Eric Dumazet: "Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 31 Aug 2022 23:27:08 -0700 Kees Cook wrote:
> This would catch corrupted values...
>
> Is the concern the growth in image size? The check_sub_overflow() isn't
> large at all -- it's just adding a single overflow bit test. The WARNs
> are heavier, but they're all out-of-line.

It turns the most obvious function into a noodle bar :(

Looking at this function in particular is quite useful, because
it clearly indicates that the nlmsg_len includes the header.

How about we throw in a

WARN_ON_ONCE(nlh->nlmsg_len < NLMSG_HDRLEN ||
nlh->nlmsg_len > INT_MAX);

but leave the actual calculation human readable C?

Next message: Andrew Morton: "Re: [PATCH v3] mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page"
Previous message: Andy Shevchenko: "Re: [PATCH v3 18/19] hwmon: (mr75203) add debugfs to read and write temperature coefficients"
In reply to: Kees Cook: "Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()"
Next in thread: Eric Dumazet: "Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]