Commit 4d165f61 authored by Jakub Kicinski's avatar Jakub Kicinski Committed by David S. Miller

net: namespace: perform strict checks also for doit handlers

Make RTM_GETNSID's doit handler use strict checks when
NETLINK_F_STRICT_CHK is set.

v2: - don't check size >= sizeof(struct rtgenmsg) (Nicolas).
Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9b3757b0
...@@ -778,6 +778,41 @@ static int rtnl_net_fill(struct sk_buff *skb, struct net_fill_args *args) ...@@ -778,6 +778,41 @@ static int rtnl_net_fill(struct sk_buff *skb, struct net_fill_args *args)
return -EMSGSIZE; return -EMSGSIZE;
} }
static int rtnl_net_valid_getid_req(struct sk_buff *skb,
const struct nlmsghdr *nlh,
struct nlattr **tb,
struct netlink_ext_ack *extack)
{
int i, err;
if (!netlink_strict_get_check(skb))
return nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX,
rtnl_net_policy, extack);
err = nlmsg_parse_strict(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX,
rtnl_net_policy, extack);
if (err)
return err;
for (i = 0; i <= NETNSA_MAX; i++) {
if (!tb[i])
continue;
switch (i) {
case NETNSA_PID:
case NETNSA_FD:
case NETNSA_NSID:
case NETNSA_TARGET_NSID:
break;
default:
NL_SET_ERR_MSG(extack, "Unsupported attribute in peer netns getid request");
return -EINVAL;
}
}
return 0;
}
static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh, static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
...@@ -793,8 +828,7 @@ static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -793,8 +828,7 @@ static int rtnl_net_getid(struct sk_buff *skb, struct nlmsghdr *nlh,
struct sk_buff *msg; struct sk_buff *msg;
int err; int err;
err = nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, NETNSA_MAX, err = rtnl_net_valid_getid_req(skb, nlh, tb, extack);
rtnl_net_policy, extack);
if (err < 0) if (err < 0)
return err; return err;
if (tb[NETNSA_PID]) { if (tb[NETNSA_PID]) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment