diff mbox series

[net] tcp_metrics: validate source addr length

Message ID 20240626194747.2561617-1-kuba@kernel.org (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series [net] tcp_metrics: validate source addr length | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 859 this patch: 859
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 863 this patch: 863
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 863 this patch: 863
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 7 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-06-27--03-00 (tests: 665)

Commit Message

Jakub Kicinski June 26, 2024, 7:47 p.m. UTC 
I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).

Fixes: 8a59359cb80f ("tcp: metrics: New netlink attribute for src IP and dumped in netlink reply")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
In net-next we can make v6 use policy for validation, too.
But it will conflict, so I'll send that on Thu.
---
CC: dsahern@kernel.org
CC: christoph.paasch@uclouvain.be
---
 net/ipv4/tcp_metrics.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Eric Dumazet June 26, 2024, 9 p.m. UTC | #1 
On Wed, Jun 26, 2024 at 9:47 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
> is at least 4 bytes long, and the policy doesn't have an entry
> for this attribute at all (neither does it for IPv6 but v6 is
> manually validated).
>
> Fixes: 8a59359cb80f ("tcp: metrics: New netlink attribute for src IP and dumped in netlink reply")

This  commit added dump only for these attributes.

It seems the bug was added in

commit 3e7013ddf55af7bc191792b8aea0c2b94fb0fef5
Author: Christoph Paasch <christoph.paasch@uclouvain.be>
Date:   Wed Jan 8 16:05:59 2014 +0100

    tcp: metrics: Allow selective get/del of tcp-metrics based on src IP


> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> ---
> In net-next we can make v6 use policy for validation, too.
> But it will conflict, so I'll send that on Thu.


Reviewed-by: Eric Dumazet <edumazet@google.com>
diff mbox series

Patch

diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index e93df98de3f4..b01eb6d94413 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -619,6 +619,7 @@  static const struct nla_policy tcp_metrics_nl_policy[TCP_METRICS_ATTR_MAX + 1] =
 	[TCP_METRICS_ATTR_ADDR_IPV4]	= { .type = NLA_U32, },
 	[TCP_METRICS_ATTR_ADDR_IPV6]	= { .type = NLA_BINARY,
 					    .len = sizeof(struct in6_addr), },
+	[TCP_METRICS_ATTR_SADDR_IPV4]	= { .type = NLA_U32, },
 	/* Following attributes are not received for GET/DEL,
 	 * we keep them for reference
 	 */