On 03/31/14 at 03:08pm, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > I think you're right, a quick look at the users of this:
> >
> > net/core/fib_rules.c: nla_strcmp(tb[FRA_IIFNAME], rule->iifname))
> > net/core/fib_rules.c: nla_strcmp(tb[FRA_OIFNAME], rule->oifname))
> > net/core/neighbour.c: if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0)
> > net/decnet/dn_dev.c: if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
> > net/ipv4/devinet.c: if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
> > net/netfilter/nf_tables_api.c: if (!nla_strcmp(nla, table->name))
> > net/netfilter/nf_tables_api.c: !nla_strcmp(nla, chain_type[family][i]->name))
> > net/netfilter/nf_tables_api.c: if (!nla_strcmp(nla, chain->name))
> > net/netfilter/nf_tables_api.c: if (!nla_strcmp(nla, type->name) &&
> > net/netfilter/nf_tables_api.c: if (!nla_strcmp(nla, set->name))
> > net/sched/act_api.c: if (nla_strcmp(kind, a->kind) == 0) {
> > net/sched/cls_api.c: if (nla_strcmp(kind, t->kind) == 0) {
> > net/sched/cls_api.c: } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind))
> > net/sched/sch_api.c: if (nla_strcmp(kind, q->id) == 0) {
> > net/sched/sch_api.c: if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], q->ops->id))
> > net/sched/sch_api.c: if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], q->ops->id))
> > net/sched/sch_api.c: nla_strcmp(tca[TCA_KIND], q->ops->id))))
> > net/sched/sch_api.c: if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], q->ops->id
> >
> > In the current iproute2 tree: /ip/ipntable.c:
> >
> >   len = strlen(namep) + 1;
> >   addattr_l(&req.n, sizeof(req), NDTA_NAME, namep, len)
> >
> > from ip/ipaddress.c:
> >
> >   addattr_l(&req.n, sizeof(req), IFA_LABEL, l, strlen(l)+1)
> >
> > They are indeed including the nul-termination, that's why the
> > comparison is working.
> > I don't find any validation for TCA_KIND though, but that nla_strcmp
> > is implicitly enforcing the nul-termination, otherwise will return a
> > mismatch.
>
> You're right, aliasing it to nla_memcmp would break iproute2.
>
> So looks like we'd have to add backwards compat to nla_strcmp and check if the last
> byte of nla data is a zero byte to catch this.
>
> Let's see if Thomas has a better idea.

Seems safe to just fix nla_strcmp() to disregard the terminating NUL
in the attribute data if it is present, just like validate_nla() does
for NLA_STRING.
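
A user-space model of the two comparison behaviours discussed in this thread, added here as an example; it is not the kernel's nla_strcmp() and not code from any of the posters. `struct attr_model`, `strcmp_strict`, `strcmp_tolerant` and the sample payloads are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a netlink attribute payload (assumption). */
struct attr_model {
    const char *data;  /* payload bytes as sent by user space */
    int len;           /* payload length, may or may not count a NUL */
};

/* Constructed sample payloads for the name "filter". */
static const struct attr_model WITH_NUL    = { "filter", 7 };   /* strlen + 1 */
static const struct attr_model WITHOUT_NUL = { "filter", 6 };   /* strlen only */
static const struct attr_model DOUBLE_NUL  = { "filter\0", 8 }; /* two NULs */
static const struct attr_model PREFIX      = { "filt", 4 };     /* shorter name */

/* Behaviour described in the thread: the NUL is part of the comparison,
 * so a payload sent without it is reported as a mismatch. */
static int strcmp_strict(const struct attr_model *a, const char *str)
{
    int len = (int)strlen(str) + 1;
    int d = a->len - len;

    if (d == 0)
        d = memcmp(a->data, str, (size_t)len);
    return d;
}

/* Proposed behaviour: disregard one terminating NUL in the payload if it
 * is present, then require exactly strlen(str) matching bytes. */
static int strcmp_tolerant(const struct attr_model *a, const char *str)
{
    int len = (int)strlen(str);
    int attrlen = a->len;
    int d;

    if (attrlen > 0 && a->data[attrlen - 1] == '\0')
        attrlen--;
    d = attrlen - len;
    if (d == 0)
        d = memcmp(a->data, str, (size_t)len);
    return d;
}

int main(void)
{
    printf("strict:   %d %d\n", strcmp_strict(&WITH_NUL, "filter"), strcmp_strict(&WITHOUT_NUL, "filter"));
    printf("tolerant: %d %d\n", strcmp_tolerant(&WITH_NUL, "filter"), strcmp_tolerant(&WITHOUT_NUL, "filter"));
    return 0;
}
```

Only a single trailing NUL is dropped, so a payload padded with extra zero bytes or a shorter prefix still compares as different.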