| From 473ef9157321b9601f3fbfd14a9ecb2a8b72ee79 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 9 Mar 2022 10:29:14 -0800 |
| Subject: net: limit altnames to 64k total |
| |
| From: Jakub Kicinski <kuba@kernel.org> |
| |
| [ Upstream commit 155fb43b70b5fce341347a77d1af2765d1e8fbb8 ] |
| |
| Property list (altname is a link "property") is wrapped |
| in a nlattr. nlattrs length is 16bit so practically |
| speaking the list of properties can't be longer than |
| that, otherwise user space would have to interpret |
| broken netlink messages. |
| |
| Prevent the problem from occurring by checking the length |
| of the property list before adding new entries. |
| |
| Reported-by: George Shuklin <george.shuklin@gmail.com> |
| Reviewed-by: David Ahern <dsahern@kernel.org> |
| Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| net/core/rtnetlink.c | 11 +++++++++++ |
| 1 file changed, 11 insertions(+) |
| |
| diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
| index 6a7883ec0489..ef56dc8d7c44 100644 |
| --- a/net/core/rtnetlink.c |
| +++ b/net/core/rtnetlink.c |
| @@ -3631,12 +3631,23 @@ static int rtnl_alt_ifname(int cmd, struct net_device *dev, struct nlattr *attr, |
| bool *changed, struct netlink_ext_ack *extack) |
| { |
| char *alt_ifname; |
| + size_t size; |
| int err; |
| |
| err = nla_validate(attr, attr->nla_len, IFLA_MAX, ifla_policy, extack); |
| if (err) |
| return err; |
| |
| + if (cmd == RTM_NEWLINKPROP) { |
| + size = rtnl_prop_list_size(dev); |
| + size += nla_total_size(ALTIFNAMSIZ); |
| + if (size >= U16_MAX) { |
| + NL_SET_ERR_MSG(extack, |
| + "effective property list too long"); |
| + return -EINVAL; |
| + } |
| + } |
| + |
| alt_ifname = nla_strdup(attr, GFP_KERNEL_ACCOUNT); |
| if (!alt_ifname) |
| return -ENOMEM; |
| -- |
| 2.35.1 |
| |