[PATCH 0/2] netlink: Bounds-check struct nlmsgerr creation

Kees Cook posted 2 patches 3 years, 7 months ago
There is a newer version of this series
Posted by Kees Cook 3 years, 7 months ago
Hi,

In order to avoid triggering the coming runtime memcpy() bounds checking,
the length of the destination needs to be "visible" to the compiler in
some way. However, netlink is constructed in a rather hidden fashion,
and my attempts to wrangle it have resulted in this series, which performs
explicit bounds checking before using unsafe_memcpy().

-Kees

Kees Cook (2):
  netlink: Bounds-check nlmsg_len()
  netlink: Bounds-check struct nlmsgerr creation

 include/net/netlink.h             | 10 ++++++-
 net/netfilter/ipset/ip_set_core.c | 10 +++++--
 net/netlink/af_netlink.c          | 49 +++++++++++++++++++++----------
 3 files changed, 49 insertions(+), 20 deletions(-)

-- 
2.34.1
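
The pattern the cover letter describes, explicit bounds checks ahead of a variable-length copy into a netlink error message, sketched as a userspace C model. This is an added example, not code from the series: the names `model_nlmsghdr`, `model_nlmsgerr` and `build_err_reply` are hypothetical, and the structs only mirror the layout of the uapi `struct nlmsghdr` and `struct nlmsgerr`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace models of the uapi layouts (assumed names, not kernel code). */
struct model_nlmsghdr {
    uint32_t nlmsg_len;   /* total message length, header included */
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};

struct model_nlmsgerr {
    int32_t error;
    struct model_nlmsghdr msg;  /* header of the request being answered */
    /* the rest of the original request may follow here */
};

/*
 * Hypothetical helper: write an error reply into buf (buf_len bytes),
 * echoing the request `req`, of which req_avail bytes were received.
 * Returns the number of bytes written, or a negative errno value.
 */
long build_err_reply(void *buf, size_t buf_len,
                     const struct model_nlmsghdr *req, size_t req_avail,
                     int32_t err)
{
    /* 1. The claimed request length must lie within what was received. */
    if (req_avail < sizeof(*req) || req->nlmsg_len < sizeof(*req) ||
        req->nlmsg_len > req_avail)
        return -EINVAL;

    /* 2. The destination must hold the error code plus the echoed request. */
    size_t need = offsetof(struct model_nlmsgerr, msg) + req->nlmsg_len;
    if (need > buf_len)
        return -EMSGSIZE;

    /* 3. Both bounds are proven, so the variable-length copy is safe.
     *    Copy to a byte offset so the destination is the whole buffer,
     *    not the fixed-size msg field. */
    memcpy(buf, &err, sizeof(err));
    memcpy((char *)buf + offsetof(struct model_nlmsgerr, msg),
           req, req->nlmsg_len);
    return (long)need;
}
```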