Re: [PATCH] netns: more input validation

2017-07-27 Thread Stephen Hemminger 
On Tue, 25 Jul 2017 15:30:31 +0200
Matteo Croce  wrote:

> ip netns accepts invalid input as namespace name like an empty string or a
> string longer than the maximum file name length.
> Check that the netns name is not empty and less than or equal to NAME_MAX.
> 
> Signed-off-by: Matteo Croce 

Sure, applied.

Re: [PATCH] netns: more input validation

2017-07-25 Thread Matteo Croce 
Il giorno mar, 25/07/2017 alle 13.47 +, David Laight ha scritto:
> Think I'd check:
>   !name[0] || !memchr(name, 0, NAME_MAX) || strchr(name, '/') ||
>   (name[0] == '.' && (!name[1] || (name[1] == '.' &&
> !name[2])))
> 
>   David

Nice optimization, but as strchr() and strcmp() are builtin functions,
at least in GCC, I don't know if there is any real advantage.

RE: [PATCH] netns: more input validation

2017-07-25 Thread David Laight 
From: Matteo Croce
> Sent: 25 July 2017 14:31
> ip netns accepts invalid input as namespace name like an empty string or a
> string longer than the maximum file name length.
> Check that the netns name is not empty and less than or equal to NAME_MAX.
> 
> Signed-off-by: Matteo Croce 
> ---
>  ip/ipnetns.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/ip/ipnetns.c b/ip/ipnetns.c
> index 42549944..198e9de8 100644
> --- a/ip/ipnetns.c
> +++ b/ip/ipnetns.c
> @@ -768,7 +768,8 @@ static int netns_monitor(int argc, char **argv)
> 
>  static int invalid_name(const char *name)
>  {
> - return strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..");
> + return !*name || strlen(name) > NAME_MAX ||
> + strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..");

Think I'd check:
!name[0] || !memchr(name, 0, NAME_MAX) || strchr(name, '/') ||
(name[0] == '.' && (!name[1] || (name[1] == '.' && !name[2])))

David

[PATCH] netns: more input validation

2017-07-25 Thread Matteo Croce 
ip netns accepts invalid input as namespace name like an empty string or a
string longer than the maximum file name length.
Check that the netns name is not empty and less than or equal to NAME_MAX.

Signed-off-by: Matteo Croce 
---
 ip/ipnetns.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index 42549944..198e9de8 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -768,7 +768,8 @@ static int netns_monitor(int argc, char **argv)
 
 static int invalid_name(const char *name)
 {
-   return strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..");
+   return !*name || strlen(name) > NAME_MAX ||
+   strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..");
 }
 
 int do_netns(int argc, char **argv)
-- 
2.11.0