Enforce network-order data in the netlink protocol

Allow only network-order data, with NLA_F_NET_BYTEORDER flag.
Sanity checks also added to prevent processing broken messages
where mandatory attributes are missing. (Patrick McHardy's review)

1 files changed, 17 insertions, 11 deletions

diff --git a/kernel/ip_set_list_set.c b/kernel/ip_set_list_set.c
index 3525e3b..9cae5d7 100644
--- a/kernel/ip_set_list_set.c
+++ b/kernel/ip_set_list_set.c
@@ -222,20 +222,22 @@ list_set_uadt(struct ip_set *set, struct nlattr *head, int len,
 		      list_set_adt_policy))
 		return -IPSET_ERR_PROTOCOL;
 
+	if (unlikely(!tb[IPSET_ATTR_NAME] ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
+		return -IPSET_ERR_PROTOCOL;
+
 	if (tb[IPSET_ATTR_LINENO])
 		*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
 
-	if (tb[IPSET_ATTR_NAME]) {
-		id = ip_set_get_byname(nla_data(tb[IPSET_ATTR_NAME]), &s);
-		if (id == IPSET_INVALID_ID)
-			return -IPSET_ERR_NAME;
-		/* "Loop detection" */
-		if (s->type->features & IPSET_TYPE_NAME) {
-			ret = -IPSET_ERR_LOOP;
-			goto finish;
-		}
-	} else
-		return -IPSET_ERR_PROTOCOL;
+	id = ip_set_get_byname(nla_data(tb[IPSET_ATTR_NAME]), &s);
+	if (id == IPSET_INVALID_ID)
+		return -IPSET_ERR_NAME;
+	/* "Loop detection" */
+	if (s->type->features & IPSET_TYPE_NAME) {
+		ret = -IPSET_ERR_LOOP;
+		goto finish;
+	}
 
 	if (tb[IPSET_ATTR_CADT_FLAGS]) {
 		u32 f = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
@@ -541,6 +543,10 @@ list_set_create(struct ip_set *set, struct nlattr *head, int len,
 		      list_set_create_policy))
 		return -IPSET_ERR_PROTOCOL;
 
+	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_SIZE) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
+		return -IPSET_ERR_PROTOCOL;
+
 	if (tb[IPSET_ATTR_SIZE])
 		size = ip_set_get_h32(tb[IPSET_ATTR_SIZE]);
 	if (size < IP_SET_LIST_MIN_SIZE)