Re: [Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-14 Thread Jakub Kicinski
On Wed, 13 Jan 2021 23:20:24 -0800 Cong Wang wrote: > On Tue, Jan 12, 2021 at 5:38 PM Jakub Kicinski wrote: > > > > On Mon, 11 Jan 2021 18:55:48 -0800 Cong Wang wrote: > > > From: Cong Wang > > > > > > fl_set_enc_opt() simply checks if there are still bytes left to parse, > > > but this is not

Re: [Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-13 Thread Cong Wang
On Tue, Jan 12, 2021 at 6:22 PM Xin Long wrote: > > On Wed, Jan 13, 2021 at 1:43 AM Cong Wang wrote: > > > > On Tue, Jan 12, 2021 at 3:52 AM Xin Long wrote: > > > > > > On Tue, Jan 12, 2021 at 10:56 AM Cong Wang > > > wrote: > > > > > > > > From: Cong Wang > > > > > > > > fl_set_enc_opt() sim

Re: [Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-13 Thread Cong Wang
On Tue, Jan 12, 2021 at 5:38 PM Jakub Kicinski wrote: > > On Mon, 11 Jan 2021 18:55:48 -0800 Cong Wang wrote: > > From: Cong Wang > > > > fl_set_enc_opt() simply checks if there are still bytes left to parse, > > but this is not sufficient as syzbot seems to be able to generate > > malformatted ne

Re: [Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-12 Thread Xin Long
On Wed, Jan 13, 2021 at 1:43 AM Cong Wang wrote: > > On Tue, Jan 12, 2021 at 3:52 AM Xin Long wrote: > > > > On Tue, Jan 12, 2021 at 10:56 AM Cong Wang wrote: > > > > > > From: Cong Wang > > > > > > fl_set_enc_opt() simply checks if there are still bytes left to parse, > > > but this is not suf

Re: [Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-12 Thread Jakub Kicinski
On Mon, 11 Jan 2021 18:55:48 -0800 Cong Wang wrote: > From: Cong Wang > > fl_set_enc_opt() simply checks if there are still bytes left to parse, > but this is not sufficient as syzbot seems to be able to generate > malformatted netlink messages. nla_ok() is more strict so should be > used to valid

Re: [Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-12 Thread Cong Wang
On Tue, Jan 12, 2021 at 3:52 AM Xin Long wrote: > > On Tue, Jan 12, 2021 at 10:56 AM Cong Wang wrote: > > > > From: Cong Wang > > > > fl_set_enc_opt() simply checks if there are still bytes left to parse, > > but this is not sufficient as syzbot seems to be able to generate > > malformatted netli

Re: [Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-12 Thread Xin Long
On Tue, Jan 12, 2021 at 10:56 AM Cong Wang wrote: > > From: Cong Wang > > fl_set_enc_opt() simply checks if there are still bytes left to parse, > but this is not sufficient as syzbot seems to be able to generate > malformatted netlink messages. nla_ok() is more strict so should be > used to valid

[Patch net] cls_flower: call nla_ok() before nla_next()

2021-01-11 Thread Cong Wang
From: Cong Wang fl_set_enc_opt() simply checks if there are still bytes left to parse, but this is not sufficient as syzbot seems to be able to generate malformatted netlink messages. nla_ok() is more strict so should be used to validate the next nlattr here. And nla_validate_nested_deprecated()