| author | Dmitry Vyukov <dvyukov@google.com> | 2020-01-07 07:27:40 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-01-07 10:02:10 +0100 |
| commit | a0f466387dbca955f3681d7a163a5af174df0a4b (patch) | |
| tree | de6fc306bc067b86712b09d377f9dac356ee5e5f /sys/linux/socket_netlink.txt | |
| parent | d2bde102ff975f30067203b5d039174d54a1b701 (diff) | |
sys/linux: fix 2 netlink data layout bugs
1. Turns out that NLA_F_NESTED is actually used and checked
(nla_parse_nested checks it, while nla_parse_nested_deprecated does not).
Similarly, ipset extensively checks NLA_F_NET_BYTEORDER.
So we need these bits.
2. nla_len must not account for the trailing alignment padding.
This means we set wrong len for payloads that are not multiple of 4
(int8/int16/strings/arrays/some structs/etc).
Diffstat (limited to 'sys/linux/socket_netlink.txt')
| -rw-r--r-- | sys/linux/socket_netlink.txt | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/sys/linux/socket_netlink.txt b/sys/linux/socket_netlink.txt
index e459514a3..9efc4e8b7 100644
--- a/sys/linux/socket_netlink.txt
+++ b/sys/linux/socket_netlink.txt
@@ -92,24 +92,37 @@ type netlink_msg_t[TYPE, PAYLOAD, ATTRS] {
 type netlink_msg[TYPE, PAYLOAD, ATTRS] netlink_msg_t[const[TYPE, int16], PAYLOAD, ATTRS]
 
 type nlattr_t[TYPE, PAYLOAD] {
- nla_len len[parent, int16]
+ nla_len offsetof[size, int16]
 nla_type TYPE
 payload PAYLOAD
+ size void
+} [packed, align_4]
+
+type nlattr_tt[TYPE, NETORDER, NESTED, PAYLOAD] {
+ nla_len offsetof[size, int16]
+ nla_type TYPE
+ NLA_F_NET_BYTEORDER const[NETORDER, int16:1]
+ NLA_F_NESTED const[NESTED, int16:1]
+ payload PAYLOAD
+ size void
 } [packed, align_4]
 
-# NL80211 has 150 attributes.
-type nlattr_anytype[PAYLOAD] nlattr_t[int16[0:150], PAYLOAD]
 type nlattr[TYPE, PAYLOAD] nlattr_t[const[TYPE, int16], PAYLOAD]
+# nlattr with NLA_F_NESTED set.
+type nlnest[TYPE, PAYLOAD] nlattr_tt[const[TYPE, int16:14], 0, 1, PAYLOAD]
+# nlattr with NLA_F_NET_BYTEORDER set (unused for now).
+# type nlnetw[TYPE, PAYLOAD] nlattr_tt[const[TYPE, int16:14], 1, 0, PAYLOAD]
 
 nl_generic_attr [
 generic array[int8]
- typed nlattr_anytype[nl_generic_attr_data]
- nested nlattr_anytype[array[nl_generic_attr_nonested]]
+# NL80211 has 150 attributes.
+ typed nlattr_tt[int16:14[0:150], 0, 0, nl_generic_attr_data]
+ nested nlattr_tt[int16:14[0:150], 0, 1, array[nl_generic_attr_nonested]]
 ] [varlen]
 
 nl_generic_attr_nonested [
 generic array[int8]
- typed nlattr_anytype[nl_generic_attr_data]
+ typed nlattr_tt[int16:14[0:150], 0, 0, nl_generic_attr_data]
 ] [varlen]
 
 nl_generic_attr_data [ |
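Review bot: `nlattr_tt` only yields a 4-byte attribute header when TYPE is a 14-bit `int16` bitfield, and nothing on the definition says so. Every use in this hunk passes `int16:14`, but a later caller passing a plain `int16` would presumably push `NLA_F_NET_BYTEORDER` and `NLA_F_NESTED` into a second 16-bit unit and shift the payload. I would add a comment above the type such as `# TYPE must be an int16:14 bitfield; the two flag bits below complete the 16-bit nla_type word.` The zero-size `size void` field in both `nlattr_t` and `nlattr_tt` is also unexplained; a line like `# End-of-payload marker: nla_len = offsetof[size] excludes the align_4 padding.` would keep someone from removing it and going back to `len[parent, int16]`. The `int16:14[0:150]` range is now written out three times in the two unions, where `nlattr_anytype` used to hold it once.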
