Re: [RFC] netlink: limit recursion depth in policy validation

2019-04-26 Thread Johannes Berg
On Fri, 2019-04-26 at 19:06 +0200, Pablo Neira Ayuso wrote:
>
> > This basically flattens the whole thing.
> >
> > Obviously, the walking may allocate some memory, and the last loop to
> > send it out isn't actually a loop like that because it's a netlink dump
> > with each entry being in a separ

Re: [RFC] netlink: limit recursion depth in policy validation

2019-04-26 Thread Pablo Neira Ayuso
On Fri, Apr 26, 2019 at 07:03:10PM +0200, Johannes Berg wrote: > On Fri, 2019-04-26 at 18:57 +0200, Pablo Neira Ayuso wrote: > > > > > +/* > > > + * Nested policies might refer back to the original > > > + * policy in some cases, and userspace could try to > > > + * abuse that and recurse by nesti

Re: [RFC] netlink: limit recursion depth in policy validation

2019-04-26 Thread Johannes Berg
On Fri, 2019-04-26 at 18:57 +0200, Pablo Neira Ayuso wrote: > > > +/* > > + * Nested policies might refer back to the original > > + * policy in some cases, and userspace could try to > > + * abuse that and recurse by nesting in the right > > + * ways. Limit recursion to avoid this problem. > > +

Re: [RFC] netlink: limit recursion depth in policy validation

2019-04-26 Thread Pablo Neira Ayuso
On Fri, Apr 05, 2019 at 11:24:14PM +0200, Johannes Berg wrote:
> From: Johannes Berg
>
> Now that we have nested policies, we can theoretically
> recurse forever parsing attributes if a (sub-)policy
> refers back to a higher level one. This is a situation
> that has happened in nl80211, and we've

[RFC] netlink: limit recursion depth in policy validation

2019-04-05 Thread Johannes Berg
From: Johannes Berg

Now that we have nested policies, we can theoretically
recurse forever parsing attributes if a (sub-)policy
refers back to a higher level one. This is a situation
that has happened in nl80211, and we've avoided it there
by not linking it. Add some code to netlink parsing to l