1. 24 Apr, 2016 1 commit
  2. 21 Apr, 2016 1 commit
  3. 31 Mar, 2015 1 commit
  4. 13 Feb, 2015 1 commit
  5. 04 Jun, 2014 1 commit
  6. 02 Jun, 2014 1 commit
  7. 01 Apr, 2014 1 commit
    • Pablo Neira's avatar
      netlink: don't compare the nul-termination in nla_strcmp · 8b7b9324
      Pablo Neira authored
      nla_strcmp compares the string length plus one, so it's implicitly
      including the nul-termination in the comparison.
      
       int nla_strcmp(const struct nlattr *nla, const char *str)
       {
              int len = strlen(str) + 1;
              ...
                      d = memcmp(nla_data(nla), str, len);
      
      However, if NLA_STRING is used, userspace can send us a string without
      the nul-termination. This is a problem since the string
      comparison will not match as the last byte may be not the
      nul-termination.
      
      Fix this by skipping the comparison of the nul-termination if the
      attribute data is nul-terminated. Suggested by Thomas Graf.
      
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Thomas Graf <tgraf@suug.ch>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8b7b9324
  8. 30 Aug, 2012 1 commit
  9. 07 Mar, 2012 1 commit
  10. 04 Nov, 2011 1 commit
    • Johannes Berg's avatar
      netlink: validate NLA_MSECS length · c30bc947
      Johannes Berg authored
      L2TP for example uses NLA_MSECS like this:
      policy:
              [L2TP_ATTR_RECV_TIMEOUT]        = { .type = NLA_MSECS, },
      code:
              if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
                      cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);
      
      As nla_get_msecs() is essentially nla_get_u64() plus the
      conversion to a HZ-based value, this will not properly
      reject attributes from userspace that aren't long enough
      and might overrun the message.
      
      Add NLA_MSECS to the attribute minlen array to check the
      size properly.
      
      Cc: Thomas Graf <tgraf@suug.ch>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c30bc947
  11. 28 Feb, 2011 1 commit
  12. 16 Nov, 2010 1 commit
  13. 01 Nov, 2010 1 commit
  14. 11 Mar, 2009 1 commit
  15. 04 Mar, 2009 1 commit
  16. 28 Nov, 2008 1 commit
  17. 28 Oct, 2008 1 commit
  18. 28 Jun, 2008 1 commit
  19. 03 Jun, 2008 1 commit
  20. 28 Jan, 2008 1 commit
  21. 10 Oct, 2007 1 commit
  22. 11 Jul, 2007 1 commit
  23. 07 Jun, 2007 1 commit
  24. 26 Apr, 2007 1 commit
  25. 22 Sep, 2006 2 commits
  26. 30 Jun, 2006 1 commit
  27. 10 Nov, 2005 1 commit