On Mon, Jul 31, 2023 at 12:03:26PM -0700, Jakub Kicinski wrote: > On Mon, 31 Jul 2023 20:12:47 +0800 Lin Ma wrote: > > In short, the very direct idea to fix such lengh-check-forgotten bug is > > add nla_len() checks like > > > > if (nla_len(nla) < SOME_LEN) > > return -EINVAL; > > > > However, this is tedious and just like Leon said: add another layer of > > cabal knowledge. The better solution should leverage the nla_policy and > > discard nlattr whose length is invalid when doing parsing. That is, we > > should defined a nested_policy for the X above like > > Hard no. Putting array index into attr type is an advanced case and the > parsing code has to be able to deal with low level netlink details. Jakub, IMHO, you are lowering too much the separation line between simple vs. advanced use cases. I had no idea that my use-case of passing nested netlink array is counted as advanced usage. Thanks
