Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-02-02 Thread Eric Dumazet
On Fri, 2018-02-02 at 12:49 +0100, Pablo Neira Ayuso wrote:
> @Eric, I can give it a shot here to this, just let me know. Thanks!

Please go ahead Pablo ! Thanks.

Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-02-02 Thread Pablo Neira Ayuso
On Fri, Feb 02, 2018 at 01:12:08PM +0100, Jan Engelhardt wrote:
> On Friday 2018-02-02 12:55, Pablo Neira Ayuso wrote:
>
> >On Fri, Feb 02, 2018 at 12:49:38PM +0100, Pablo Neira Ayuso wrote:
> >[...]
> >> bool net_valid_name(const char *name, size_t len)
> >> {
> >> ...
> >> }
> >
> >Am I

Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-02-02 Thread Jan Engelhardt
On Friday 2018-02-02 12:55, Pablo Neira Ayuso wrote:
>On Fri, Feb 02, 2018 at 12:49:38PM +0100, Pablo Neira Ayuso wrote:
>[...]
>> bool net_valid_name(const char *name, size_t len)
>> {
>> ...
>> }
>
>Am I missing anything in all these tricky string handling? Thanks!

One will have to

Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-02-02 Thread Pablo Neira Ayuso
On Fri, Feb 02, 2018 at 12:55:22PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Feb 02, 2018 at 12:49:38PM +0100, Pablo Neira Ayuso wrote:
> [...]
> >
> > Or place this in the core, something like:
> >
> > bool net_valid_name(const char *name, size_t len)
> > {
> > ...
> > }
> >
> > then

Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-02-02 Thread Pablo Neira Ayuso
On Fri, Feb 02, 2018 at 12:49:38PM +0100, Pablo Neira Ayuso wrote:
[...]
>
> Or place this in the core, something like:
>
> bool net_valid_name(const char *name, size_t len)
> {
> ...
> }
>
> then use it from dev_valid_name()
>
> bool dev_valid_name(const char *name)
> {
>

Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-02-02 Thread Pablo Neira Ayuso
On Sun, Jan 28, 2018 at 09:54:05AM -0800, Eric Dumazet wrote:
> On Sun, 2018-01-28 at 07:41 -0800, Eric Dumazet wrote:
> > From: Eric Dumazet
> >
> > Syzbot reported a WARN() in proc_create_data() [1]
> >
> > Issue here is that xt_hashlimit does not check that user space

Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-01-28 Thread Florian Westphal
Eric Dumazet wrote:
> On Sun, 2018-01-28 at 07:41 -0800, Eric Dumazet wrote:
> > From: Eric Dumazet
> >
> > Syzbot reported a WARN() in proc_create_data() [1]
> >
> > Issue here is that xt_hashlimit does not check that user space provided
> > an

Re: [PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-01-28 Thread Eric Dumazet
On Sun, 2018-01-28 at 07:41 -0800, Eric Dumazet wrote:
> From: Eric Dumazet
>
> Syzbot reported a WARN() in proc_create_data() [1]
>
> Issue here is that xt_hashlimit does not check that user space provided
> an empty table name.
> Signed-off-by: Eric Dumazet

[PATCH net] netfilter: xt_hashlimit: do not allow empty names

2018-01-28 Thread Eric Dumazet
From: Eric Dumazet

Syzbot reported a WARN() in proc_create_data() [1]

Issue here is that xt_hashlimit does not check that user space provided
an empty table name.

[1]
name len 0
WARNING: CPU: 0 PID: 3680 at fs/proc/generic.c:354 __proc_create+0x696/0x880