netlink: add validation of NLA_F_NESTED flag

Add new validation flag NL_VALIDATE_NESTED which adds three consistency checks of NLA_F_NESTED_FLAG: - the flag is set on attributes with NLA_NESTED{,_ARRAY} policy - the flag is not set on attributes with other policies except NLA_UNSPEC - the flag is set on attribute passed to nla_parse_nested() Signed-off-by: Michal Kubecek <mkubecek@suse.cz> v2: change error messages to mention NLA_F_NESTED explicitly Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Michal Kubecek <mkubecek@suse.cz> 2019-05-02 10:15:10 -0400
committer: David S. Miller <davem@davemloft.net> 2019-05-04 01:27:11 -0400
commit: b424e432e770d6dd572765459d5b6a96a19c5286 (patch)
tree: f2aad0917c7a2e619bca6eefa82eb6b3355fb537 /lib
parent: d54a16b20157ce300298eb4a1169bf9acfda3d08 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/nlattr.c b/lib/nlattr.c
index adc919b32bf9..cace9b307781 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype,
                }
        }
+        if (validate & NL_VALIDATE_NESTED) {
+                if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) &&
+                    !(nla->nla_type & NLA_F_NESTED)) {
+                        NL_SET_ERR_MSG_ATTR(extack, nla,
+                                            "NLA_F_NESTED is missing");
+                        return -EINVAL;
+                }
+                if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
+                    pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
+                        NL_SET_ERR_MSG_ATTR(extack, nla,
+                                            "NLA_F_NESTED not expected");
+                        return -EINVAL;
+                }
+        }
        switch (pt->type) {
        case NLA_EXACT_LEN:
                if (attrlen != pt->len)
author	Michal Kubecek <mkubecek@suse.cz>	2019-05-02 10:15:10 -0400
committer	David S. Miller <davem@davemloft.net>	2019-05-04 01:27:11 -0400
commit	b424e432e770d6dd572765459d5b6a96a19c5286 (patch)
tree	f2aad0917c7a2e619bca6eefa82eb6b3355fb537 /lib
parent	d54a16b20157ce300298eb4a1169bf9acfda3d08 (diff)

diff --git a/lib/nlattr.c b/lib/nlattr.c index adc919b32bf9..cace9b307781 100644 --- a/lib/nlattr.c +++ b/lib/nlattr.c
@@ -184,6 +184,21 @@ static int validate_nla(const struct nlattr *nla, int maxtype,
184	}	184	}
185	}	185	}
186		186
		187	if (validate & NL_VALIDATE_NESTED) {
		188	if ((pt->type == NLA_NESTED \|\| pt->type == NLA_NESTED_ARRAY) &&
		189	!(nla->nla_type & NLA_F_NESTED)) {
		190	NL_SET_ERR_MSG_ATTR(extack, nla,
		191	"NLA_F_NESTED is missing");
		192	return -EINVAL;
		193	}
		194	if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY &&
		195	pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) {
		196	NL_SET_ERR_MSG_ATTR(extack, nla,
		197	"NLA_F_NESTED not expected");
		198	return -EINVAL;
		199	}
		200	}
		201
187	switch (pt->type) {	202	switch (pt->type) {
188	case NLA_EXACT_LEN:	203	case NLA_EXACT_LEN:
189	if (attrlen != pt->len)	204	if (attrlen != pt->len)