Re: [PATCH 1/2] netlink: Bounds-check nlmsg_len()
From: Jakub Kicinski
Date: Thu Sep 01 2022 - 15:49:25 EST
On Wed, 31 Aug 2022 23:27:08 -0700 Kees Cook wrote:
> This would catch corrupted values...
>
> Is the concern the growth in image size? The check_sub_overflow() isn't
> large at all -- it's just adding a single overflow bit test. The WARNs
> are heavier, but they're all out-of-line.
It turns the most obvious function into a noodle bar :(
Looking at this function in particular is quite useful, because
it clearly indicates that the nlmsg_len includes the header.
How about we throw in a
WARN_ON_ONCE(nlh->nlmsg_len < NLMSG_HDRLEN ||
nlh->nlmsg_len > INT_MAX);
but leave the actual calculation human readable C?