author Thomas Haller <thaller@redhat.com> 2016-06-27 18:06:07 (GMT)
committer Thomas Haller <thaller@redhat.com> 2016-06-29 08:16:04 (GMT)
commit ca5d662e9d6aa67b1d75be19aea4e4a4585e41b8 (patch)
tree 6c3735dfb13d775c14ae37a197a6b6a28e5aaafb /include
parent 9b7c28ebd2686584fa9e5d35845f86d3b38e1fa9 (diff)
xfrm: allow avoiding buffer overflow for key in xfrmnl_sa_get_*_params()

The previous API of xfrmnl_sa_get_*_params() would always require a @key
buffer, but it was not possible to avoid buffer overflow because the
required size was unknown.

That is not really fixable, because the old API is broken.

Now, allow omitting the @key argument to only request the @key_size.
That allows the caller to ask beforehand how large the @key buffer
must be: ((@key_size + 7) / 8).

Unfortunately, omitting the key against previous versions of libnl
leads to a crash. And passing a key against older versions makes it
impossible to avoid buffer-overflow.

Another option would be to add functions like
xfrmnl_sa_get_crypto_params_keylen() so the user can query the required
buffer size by calling that instead of xfrmnl_sa_get_crypto_params().
However, then the user also requires a backport of the new API and this
will not be possible against older libnl3 versions either. Thus, if the
user already requires the fix, he can just as well require a backport of
this patch and then safely call xfrmnl_sa_get_crypto_params() without
@key argument. This way has the advantage/disadvantage, that it can
detect the presence of the patch at runtime.

The cumbersome way to get it right would be:

    unsigned key_len;
    char *key;
    int r;

    if (!nl_has_capability(17 /*NL_CAPABILITY_XFRM_SA_KEY_SIZE*/)) {
        /* no way to use this API safely. Abort. */
        return -NLE_OPNOTSUPP;
    }

    /* first call without @key: only query key_len */
    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, NULL);
    if (r < 0)
        return r;
    key = malloc((key_len + 7) / 8);
    if (!key)
        return -NLE_NOMEM;
    /* second call: pass the buffer itself, not its address */
    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, key);
    if (r < 0) {
        free(key);
        return r;
    }
    ...

http://lists.infradead.org/pipermail/libnl/2016-June/002155.html

Signed-off-by: Thomas Haller <thaller@redhat.com>

Diffstat (limited to 'include')
-rw-r--r-- include/netlink/utils.h 7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/netlink/utils.h b/include/netlink/utils.h
index ebf12cf..43c9147 100644
--- a/include/netlink/utils.h
+++ b/include/netlink/utils.h
@@ -197,6 +197,13 @@ enum {
NL_CAPABILITY_NL_OBJECT_DIFF64 = 16,
#define NL_CAPABILITY_NL_OBJECT_DIFF64 NL_CAPABILITY_NL_OBJECT_DIFF64
+ /**
+ * Support omitting @key argument to xfrmnl_sa_get_*_params() to check
+ * for required buffer size for key.
+ */
+ NL_CAPABILITY_XFRM_SA_KEY_SIZE = 17,
+#define NL_CAPABILITY_XFRM_SA_KEY_SIZE NL_CAPABILITY_XFRM_SA_KEY_SIZE
+
__NL_CAPABILITY_MAX,
NL_CAPABILITY_MAX = (__NL_CAPABILITY_MAX - 1),
#define NL_CAPABILITY_MAX NL_CAPABILITY_MAX
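
Review bot: the doc comment above NL_CAPABILITY_XFRM_SA_KEY_SIZE = 17 says only that @key may be omitted to check the required size, and leaves out the two facts a caller needs to use this safely, both of which appear only in the commit message. Suggest extending the comment to state that the buffer must be (key_size + 7) / 8 bytes, and that passing a NULL @key to a libnl without this capability crashes, so nl_has_capability(NL_CAPABILITY_XFRM_SA_KEY_SIZE) has to be checked before the sizing call. A header comment is what API users will read; the commit log is not.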