diff options
| author | Thomas Graf <tgraf@suug.ch> | 2006-08-26 23:11:47 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 18:18:24 -0400 |
| commit | a5531a5d852008be40811496029012f4ad3093d1 (patch) | |
| tree | f59a1b240753ef4f0a672f256fc01d8a965793d1 /net/netlink | |
| parent | e3b4eadbea77ecb3c3a74d1bc81b392f454c7f2e (diff) | |
[NETLINK]: Improve string attribute validation
Introduces a new attribute type NLA_NUL_STRING to support NUL
terminated strings. Attributes of this kind require to carry
a terminating NUL within the maximum specified in the policy.
The `old' NLA_STRING which is not required to be NUL terminated
is extended to provide means to specify a maximum length of the
string.
Aims at easing the pain with using nla_strlcpy() on temporary
buffers.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlink')
| -rw-r--r-- | net/netlink/attr.c | 49 |
1 files changed, 39 insertions, 10 deletions
diff --git a/net/netlink/attr.c b/net/netlink/attr.c index 136e529e5780..004139557e09 100644 --- a/net/netlink/attr.c +++ b/net/netlink/attr.c | |||
| @@ -20,7 +20,6 @@ static u16 nla_attr_minlen[NLA_TYPE_MAX+1] __read_mostly = { | |||
| 20 | [NLA_U16] = sizeof(u16), | 20 | [NLA_U16] = sizeof(u16), |
| 21 | [NLA_U32] = sizeof(u32), | 21 | [NLA_U32] = sizeof(u32), |
| 22 | [NLA_U64] = sizeof(u64), | 22 | [NLA_U64] = sizeof(u64), |
| 23 | [NLA_STRING] = 1, | ||
| 24 | [NLA_NESTED] = NLA_HDRLEN, | 23 | [NLA_NESTED] = NLA_HDRLEN, |
| 25 | }; | 24 | }; |
| 26 | 25 | ||
| @@ -28,7 +27,7 @@ static int validate_nla(struct nlattr *nla, int maxtype, | |||
| 28 | struct nla_policy *policy) | 27 | struct nla_policy *policy) |
| 29 | { | 28 | { |
| 30 | struct nla_policy *pt; | 29 | struct nla_policy *pt; |
| 31 | int minlen = 0; | 30 | int minlen = 0, attrlen = nla_len(nla); |
| 32 | 31 | ||
| 33 | if (nla->nla_type <= 0 || nla->nla_type > maxtype) | 32 | if (nla->nla_type <= 0 || nla->nla_type > maxtype) |
| 34 | return 0; | 33 | return 0; |
| @@ -37,16 +36,46 @@ static int validate_nla(struct nlattr *nla, int maxtype, | |||
| 37 | 36 | ||
| 38 | BUG_ON(pt->type > NLA_TYPE_MAX); | 37 | BUG_ON(pt->type > NLA_TYPE_MAX); |
| 39 | 38 | ||
| 40 | if (pt->minlen) | 39 | switch (pt->type) { |
| 41 | minlen = pt->minlen; | 40 | case NLA_FLAG: |
| 42 | else if (pt->type != NLA_UNSPEC) | 41 | if (attrlen > 0) |
| 43 | minlen = nla_attr_minlen[pt->type]; | 42 | return -ERANGE; |
| 43 | break; | ||
| 44 | 44 | ||
| 45 | if (pt->type == NLA_FLAG && nla_len(nla) > 0) | 45 | case NLA_NUL_STRING: |
| 46 | return -ERANGE; | 46 | if (pt->len) |
| 47 | minlen = min_t(int, attrlen, pt->len + 1); | ||
| 48 | else | ||
| 49 | minlen = attrlen; | ||
| 47 | 50 | ||
| 48 | if (nla_len(nla) < minlen) | 51 | if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) |
| 49 | return -ERANGE; | 52 | return -EINVAL; |
| 53 | /* fall through */ | ||
| 54 | |||
| 55 | case NLA_STRING: | ||
| 56 | if (attrlen < 1) | ||
| 57 | return -ERANGE; | ||
| 58 | |||
| 59 | if (pt->len) { | ||
| 60 | char *buf = nla_data(nla); | ||
| 61 | |||
| 62 | if (buf[attrlen - 1] == '\0') | ||
| 63 | attrlen--; | ||
| 64 | |||
| 65 | if (attrlen > pt->len) | ||
| 66 | return -ERANGE; | ||
| 67 | } | ||
| 68 | break; | ||
| 69 | |||
| 70 | default: | ||
| 71 | if (pt->len) | ||
| 72 | minlen = pt->len; | ||
| 73 | else if (pt->type != NLA_UNSPEC) | ||
| 74 | minlen = nla_attr_minlen[pt->type]; | ||
| 75 | |||
| 76 | if (attrlen < minlen) | ||
| 77 | return -ERANGE; | ||
| 78 | } | ||
| 50 | 79 | ||
| 51 | return 0; | 80 | return 0; |
| 52 | } | 81 | } |