Hi Laura,

On Thu, Aug 18, 2016 at 06:06:26PM +0200, Laura Garcia Liebana wrote:
> Check for overflow of u8 fields from u32 netlink attributes and maximum
> values.

After a closer look, this lack of validation seems more widespread
than I initially expected.

Look, other enums like:

	enum nft_set_policies {
		NFT_SET_POL_PERFORMANCE,
		NFT_SET_POL_MEMORY,
	};

that have no _MAX definition are suspect, actually looking at
net/netfilter/nf_tables_api.c more specifically at nft_select_set_ops()
you'll notice that the switch there doesn't seem to reject anything
over NFT_SET_POL_MEMORY.

So I would review net/netfilter/nf_tables_api.c too.

BTW, I think it is a good idea to add something like:

	err = nft_parse_u8(ntohl(nla_get_be32(tb[NFTA_BITWISE_LEN])), &priv->len);
	if (err < 0)
		return err;

that we can consistently use all over the code, instead of open coding:

	len = ...
	if (len > U8_MAX)
		return -ERANGE;

> Refer to 4da449ae1df

Please, use this format instead to refer to patches:

4da449a ("netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes")

Thanks!
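
A userspace model of the two checks discussed in this message, added here as an illustration; it is not kernel code and not from either poster. The `nft_parse_u8()` signature follows the sketch in the mail, while `parse_u8_unchecked()`, `nft_parse_policy()`, the `-EINVAL` return and the value 260 are assumptions made for the example.

```c
#include <arpa/inet.h>	/* htonl(), ntohl() */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Same enum as quoted in the mail: no _MAX enumerator to compare against. */
enum nft_set_policies {
	NFT_SET_POL_PERFORMANCE,
	NFT_SET_POL_MEMORY,
};

/* Unchecked store of a be32 attribute into a u8 field: silent truncation. */
static uint8_t parse_u8_unchecked(uint32_t be32_attr)
{
	return (uint8_t)ntohl(be32_attr);
}

/* Hypothetical helper in the shape proposed in the mail: takes the
 * host-order value and writes *dest only when it fits in a u8. */
static int nft_parse_u8(uint32_t val, uint8_t *dest)
{
	if (val > UINT8_MAX)
		return -ERANGE;
	*dest = (uint8_t)val;
	return 0;
}

/* Hypothetical policy parser: the default case rejects every value past
 * NFT_SET_POL_MEMORY (error code chosen for this example). */
static int nft_parse_policy(uint32_t val, enum nft_set_policies *dest)
{
	switch (val) {
	case NFT_SET_POL_PERFORMANCE:
	case NFT_SET_POL_MEMORY:
		*dest = (enum nft_set_policies)val;
		return 0;
	default:
		return -EINVAL;
	}
}

int main(void)
{
	uint32_t attr = htonl(260);	/* constructed attribute payload */
	uint8_t len = 0;
	enum nft_set_policies pol = NFT_SET_POL_PERFORMANCE;

	printf("unchecked u8: %u\n", (unsigned)parse_u8_unchecked(attr));
	printf("checked u8:   %d\n", nft_parse_u8(ntohl(attr), &len));
	printf("policy 2:     %d\n", nft_parse_policy(2, &pol));
	return 0;
}
```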