return net;
}
+/* Verify that rtnetlink requests do not pass additional properties
+ * potentially referring to different network namespaces.
+ */
+static int rtnl_ensure_unique_netns(struct nlattr *tb[],
+ struct netlink_ext_ack *extack,
+ bool netns_id_only)
+{
+
+ if (netns_id_only) {
+ if (!tb[IFLA_NET_NS_PID] && !tb[IFLA_NET_NS_FD])
+ return 0;
+
+ NL_SET_ERR_MSG(extack, "specified netns attribute not supported");
+ return -EOPNOTSUPP;
+ }
+
+ if (tb[IFLA_IF_NETNSID] && (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD]))
+ goto invalid_attr;
+
+ if (tb[IFLA_NET_NS_PID] && (tb[IFLA_IF_NETNSID] || tb[IFLA_NET_NS_FD]))
+ goto invalid_attr;
+
+ if (tb[IFLA_NET_NS_FD] && (tb[IFLA_IF_NETNSID] || tb[IFLA_NET_NS_PID]))
+ goto invalid_attr;
+
+ return 0;
+
+invalid_attr:
+ NL_SET_ERR_MSG(extack, "multiple netns identifying attributes specified");
+ return -EINVAL;
+}
+
static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[])
{
if (dev) {
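Review bot: The third test in rtnl_ensure_unique_netns (`if (tb[IFLA_NET_NS_FD] && ...)`) can never be the one that fires, because every pair of the three attributes is already rejected by the two tests above it. The second test could be reduced to `if (tb[IFLA_NET_NS_PID] && tb[IFLA_NET_NS_FD])` and the third dropped, which makes the "at most one netns selector" rule easier to audit. The header comment also says nothing about `netns_id_only`; I would add a sentence such as `When netns_id_only is true, only IFLA_IF_NETNSID may select the namespace; IFLA_NET_NS_PID and IFLA_NET_NS_FD are rejected with -EOPNOTSUPP.` The blank line right after the opening brace can go.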
if (err < 0)
goto errout;
+ err = rtnl_ensure_unique_netns(tb, extack, false);
+ if (err < 0)
+ goto errout;
+
if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
else
if (err < 0)
return err;
+ err = rtnl_ensure_unique_netns(tb, extack, true);
+ if (err < 0)
+ return err;
+
if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
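Review bot: The bare `true` in `rtnl_ensure_unique_netns(tb, extack, true)` does not tell a reader that this path refuses IFLA_NET_NS_PID and IFLA_NET_NS_FD outright; a short comment at the call, e.g. `/* only IFLA_IF_NETNSID may select the netns on this path */`, would document the restriction where it is enforced. The same applies to the other call that passes `true` further down. If this path previously ignored those attributes (not visible in this hunk), requests carrying them will now fail with -EOPNOTSUPP, which is worth stating in the commit message for userspace maintainers. The enclosing function starts and ends outside the hunk.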
if (err < 0)
return err;
+ err = rtnl_ensure_unique_netns(tb, extack, false);
+ if (err < 0)
+ return err;
+
if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
else
if (err < 0)
return err;
+ err = rtnl_ensure_unique_netns(tb, extack, true);
+ if (err < 0)
+ return err;
+
if (tb[IFLA_IF_NETNSID]) {
netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid);