Re: [PATCH] netns: more input validation
On Tue, 25 Jul 2017 15:30:31 +0200 Matteo Crocewrote: > ip netns accepts invalid input as namespace name like an empty string or a > string longer than the maximum file name length. > Check that the netns name is not empty and less than or equal to NAME_MAX. > > Signed-off-by: Matteo Croce Sure, applied.
Re: [PATCH] netns: more input validation
Il giorno mar, 25/07/2017 alle 13.47 +, David Laight ha scritto: > Think I'd check: > !name[0] || !memchr(name, 0, NAME_MAX) || strchr(name, '/') || > (name[0] == '.' && (!name[1] || (name[1] == '.' && > !name[2]))) > > David Nice optimization, but as strchr() and strcmp() are builtin functions, at least in GCC, I don't know if there is any real advantage.
RE: [PATCH] netns: more input validation
From: Matteo Croce > Sent: 25 July 2017 14:31 > ip netns accepts invalid input as namespace name like an empty string or a > string longer than the maximum file name length. > Check that the netns name is not empty and less than or equal to NAME_MAX. > > Signed-off-by: Matteo Croce> --- > ip/ipnetns.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/ip/ipnetns.c b/ip/ipnetns.c > index 42549944..198e9de8 100644 > --- a/ip/ipnetns.c > +++ b/ip/ipnetns.c > @@ -768,7 +768,8 @@ static int netns_monitor(int argc, char **argv) > > static int invalid_name(const char *name) > { > - return strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."); > + return !*name || strlen(name) > NAME_MAX || > + strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."); Think I'd check: !name[0] || !memchr(name, 0, NAME_MAX) || strchr(name, '/') || (name[0] == '.' && (!name[1] || (name[1] == '.' && !name[2]))) David
[PATCH] netns: more input validation
ip netns accepts invalid input as namespace name like an empty string or a string longer than the maximum file name length. Check that the netns name is not empty and less than or equal to NAME_MAX. Signed-off-by: Matteo Croce--- ip/ipnetns.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ip/ipnetns.c b/ip/ipnetns.c index 42549944..198e9de8 100644 --- a/ip/ipnetns.c +++ b/ip/ipnetns.c @@ -768,7 +768,8 @@ static int netns_monitor(int argc, char **argv) static int invalid_name(const char *name) { - return strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."); + return !*name || strlen(name) > NAME_MAX || + strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."); } int do_netns(int argc, char **argv) -- 2.11.0