review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 8 Aug 2022 17:30:06 +0000 (19:30 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 31 Aug 2022 15:16:41 +0000 (17:16 +0200)
commit	4097749aec5444825579152e0eece5d87bb377b0
tree	6efa1ce1306ce52848c6fb57c13860554ff0cbb6	tree \| snapshot
parent	cc311eae1f30dc44637979942b4253eaeab3ab26	commit \| diff

netfilter: nf_tables: upfront validation of data via nft_data_init()

[ Upstream commit 341b6941608762d8235f3fd1e45e4d7114ed8c2c ]

Instead of parsing the data and then validate that type and length are
correct, pass a description of the expected data so it can be validated
upfront before parsing it to bail out earlier.

This patch adds a new .size field to specify the maximum size of the
data area. The .len field is optional and it is used as an input/output
field, it provides the specific length of the expected data in the input
path. If then .len field is not specified, then obtained length from the
netlink attribute is stored. This is required by cmp, bitwise, range and
immediate, which provide no netlink attribute that describes the data
length. The immediate expression uses the destination register type to
infer the expected data type.

Relying on opencoded validation of the expected data might lead to
subtle bugs as described in 7e6bc1f6cabc ("netfilter: nf_tables:
stricter validation of element data").

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_bitwise.c		diff \| blob \| history
net/netfilter/nft_cmp.c		diff \| blob \| history
net/netfilter/nft_immediate.c		diff \| blob \| history
net/netfilter/nft_range.c		diff \| blob \| history