| Message ID | 20230320231834.66273-1-donald.hunter@gmail.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net-next,v1] rtnetlink: Return error when message too short | expand |
On Mon, 20 Mar 2023 23:18:34 +0000 Donald Hunter wrote: > rtnetlink_rcv_msg currently returns 0 when the message length is too > short. This leads to either no response at all, or an ack response > if NLM_F_ACK was set in the request. > > Change rtnetlink_rcv_msg to return -EINVAL which tells af_netlink to > generate a proper error response. It's a touch risky to start returning an error now. Some application could possibly have been passing an empty netlink message just because. We should give the user a heads up (pr_warn_once() with the name+pid of current process). Or continue returning a 0 but add a warning via the extack. The latter is cleaner but will not help old / sloppy apps, your call. > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") We can't put a Fixes tag on it. It could break uAPI, we don't want it backported for sure. > Signed-off-by: Donald Hunter <donald.hunter@gmail.com> > --- > net/core/rtnetlink.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c > index 5d8eb57867a9..04b7f184f32e 100644 > --- a/net/core/rtnetlink.c > +++ b/net/core/rtnetlink.c > @@ -6086,7 +6086,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, > > /* All the messages must have at least 1 byte length */ > if (nlmsg_len(nlh) < sizeof(struct rtgenmsg)) > - return 0; > + return -EINVAL; > > family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; > kind = rtnl_msgtype_kind(type);
Jakub Kicinski <kuba@kernel.org> writes: > On Mon, 20 Mar 2023 23:18:34 +0000 Donald Hunter wrote: >> rtnetlink_rcv_msg currently returns 0 when the message length is too >> short. This leads to either no response at all, or an ack response >> if NLM_F_ACK was set in the request. >> >> Change rtnetlink_rcv_msg to return -EINVAL which tells af_netlink to >> generate a proper error response. > > It's a touch risky to start returning an error now. > Some application could possibly have been passing an empty netlink > message just because. It seemed harmless enough to me, but you make a good point. > We should give the user a heads up (pr_warn_once() with the name+pid > of current process). Or continue returning a 0 but add a warning via > the extack. The latter is cleaner but will not help old / sloppy apps, > your call. A pr_warn_once() should be enough to help the next person and also to give visibility of any sloppy apps. I was considering pr_warn_once() for the nlmsghdr length check in netlink_rcv_skb since there's nowhere to reply to when the header is malformed. >> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > > We can't put a Fixes tag on it. It could break uAPI, we don't want > it backported for sure.
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 5d8eb57867a9..04b7f184f32e 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -6086,7 +6086,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, /* All the messages must have at least 1 byte length */ if (nlmsg_len(nlh) < sizeof(struct rtgenmsg)) - return 0; + return -EINVAL; family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family; kind = rtnl_msgtype_kind(type);
rtnetlink_rcv_msg currently returns 0 when the message length is too short. This leads to either no response at all, or an ack response if NLM_F_ACK was set in the request. Change rtnetlink_rcv_msg to return -EINVAL which tells af_netlink to generate a proper error response. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Donald Hunter <donald.hunter@gmail.com> --- net/core/rtnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)