Re: nla_put_string() vs NLA_STRING

From: David Miller
Date: Thu Feb 22 2018 - 14:07:14 EST


From: Kees Cook <keescook@xxxxxxxxxx>
Date: Tue, 20 Feb 2018 22:00:26 -0800

> So, this specific problem needs fixing (in at least two places calling
> nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, ...)). While I suspect
> it's only ever written an extra byte from the following variable in
> the structure which is an enum nl80211_dfs_regions, I worry there
> might be a lot more of these (though I'd hope unterminated strings are
> uncommon for internal representation). And more generally, it seems
> like only the NLA _input_ functions actually check nla_policy details.
> It seems that the output functions should do the same too, yes?

Generally speaking, the policy is for making sure the user doesn't
give us garbage.

When building netlink attributes itself, the kernel is supposed to
know what it is doing.
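An added example, not from this thread or the kernel tree: a user-space C model of the over-read Kees describes (nla_put_string() on a char alpha2[2] that has no terminator) beside the fixed-length encoding that avoids it. The struct, enum and function names are constructed stand-ins; the only kernel facts assumed are that nla_put_string() copies strlen()+1 bytes and that an attribute header is two 16-bit fields (length, type) with the payload padded to 4 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins for the layout Kees describes: a 2-byte country code
 * with no NUL terminator, immediately followed by an enum. */
enum dfs_region_model { DFS_UNSET = 0, DFS_FCC = 1 };
struct regdom_model {
	char alpha2[2];                 /* NOT a C string: no terminator */
	enum dfs_region_model dfs_region;
};

struct regdom_model sample_regdom(void)
{
	struct regdom_model r;
	memset(&r, 0, sizeof r);        /* zero the padding too, so the scan below is bounded */
	memcpy(r.alpha2, "US", 2);
	r.dfs_region = DFS_FCC;
	return r;
}

/* nla_put_string() copies strlen(str) + 1 bytes. Compute that for alpha2 without calling
 * strlen() on the unterminated array: scan the struct's own bytes, stopping at the object end. */
size_t string_put_len(const struct regdom_model *r)
{
	const unsigned char *b = (const unsigned char *)r;
	size_t off = offsetof(struct regdom_model, alpha2), n = 0;
	while (off + n < sizeof *r && b[off + n] != '\0')
		n++;
	return n + 1;                   /* > sizeof alpha2: bytes past the field get copied out */
}

/* The fix: an explicit length, as nla_put(msg, type, sizeof alpha2, alpha2) does; header = u16 len, u16 type. */
size_t put_alpha2_fixed(unsigned char *out, size_t outlen, uint16_t type, const struct regdom_model *r)
{
	uint16_t hdr[2] = { (uint16_t)(4 + sizeof r->alpha2), type };
	size_t total = (4 + sizeof r->alpha2 + 3) & ~(size_t)3;   /* pad payload to 4 bytes */
	if (total > outlen)
		return 0;
	memset(out, 0, total);          /* zeroed padding: nothing stale goes to userspace */
	memcpy(out, hdr, sizeof hdr);
	memcpy(out + 4, r->alpha2, sizeof r->alpha2);
	return total;
}

int main(void)
{
	struct regdom_model r = sample_regdom();
	unsigned char buf[16];
	printf("nla_put_string would copy %zu bytes of a %zu-byte field; fixed put uses %zu wire bytes\n",
	       string_put_len(&r), sizeof r.alpha2, put_alpha2_fixed(buf, sizeof buf, 1, &r));
	return 0;
}
```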