On Mon, Aug 08, 2022 at 07:30:06PM +0200, Pablo Neira Ayuso wrote:
> Instead of parsing the data and then validating that type and length are
> correct, pass a description of the expected data so it can be validated
> upfront before parsing it to bail out earlier.
>
> This patch adds a new .size field to specify the maximum size of the
> data area. The .len field is optional and it is used as an input/output
> field, it provides the specific length of the expected data in the input
> path. If the .len field is not specified, then obtained length from the
> netlink attribute is stored. This is required by cmp, bitwise, range and
> immediate, which provide no netlink attribute that describes the data
> length. The immediate expression uses the destination register type to
> infer the expected data type.
>
> Relying on opencoded validation of the expected data might lead to
> subtle bugs as described in 7e6bc1f6cabc ("netfilter: nf_tables:
> stricter validation of element data").

For the record, this series is applied
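The description-driven validation discussed in this thread, as an added userspace sketch that is not part of the original message or of the kernel patch. The names `data_desc`, `attr`, `data_init` and `demo`, the error codes, and the 16-byte data area are assumptions made for illustration; only the roles of the type, `.size` and `.len` fields come from the quoted text.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical userspace model: these names are not the kernel's. */
enum data_type { DATA_VALUE, DATA_VERDICT };

struct data_desc {
    enum data_type type; /* expected data type */
    size_t size;         /* maximum size of the destination data area */
    size_t len;          /* in: required length, 0 if unknown; out: actual length */
};

struct attr {            /* stand-in for a received netlink attribute */
    enum data_type type;
    size_t len;
    const uint8_t *payload;
};

/* Check the attribute against the description, then copy it. */
int data_init(uint8_t *dst, struct data_desc *desc, const struct attr *a)
{
    if (a->type != desc->type)
        return -EINVAL;          /* wrong type: rejected before any copy */
    if (a->len == 0 || a->len > desc->size)
        return -ERANGE;          /* would not fit the data area */
    if (desc->len && a->len != desc->len)
        return -EINVAL;          /* caller required an exact length */
    desc->len = a->len;          /* output path: report the obtained length */
    memcpy(dst, a->payload, a->len);
    return 0;
}

/* Constructed input: a zeroed payload copied into a 16-byte VALUE area. */
long demo(enum data_type attr_type, size_t attr_len, size_t want_len)
{
    static const uint8_t payload[64];
    uint8_t area[16];
    struct data_desc desc = { DATA_VALUE, sizeof(area), want_len };
    struct attr a = { attr_type, attr_len, payload };
    int err = data_init(area, &desc, &a);
    return err ? err : (long)desc.len;
}

int main(void) { return demo(DATA_VALUE, 4, 0) == 4 ? 0 : 1; }
```

`demo()` returns the stored length on success and a negative errno value when the attribute is rejected, so the oversized, wrong-length and wrong-type cases all fail before `memcpy()` is reached.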