author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-04-04 02:32:35 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-04-04 15:58:54 +0200 |
commit | 117f033c413820739e6679c926a39a5b3f45ff79 (patch) | |
tree | fd8ed9da15216992570be27ee55eafb235457fcb /src/callback.c | |
parent | 8ce5d4ca70884654988eb86734cb3022e0b71995 (diff) | |
check source of the netlink message and fix sequence tracking logic
This patch changes the callback handlers to include netlink portID
checking. This prevents a malicious process from spoofing
messages.
If portid, sequence number of the message is != 0, we check if the
message is what we expect. This allows the same netlink channel to be used
for dumps (portid, seq != 0) and event-based notifications (portid, seq == 0).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/callback.c')
-rw-r--r-- | src/callback.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/callback.c b/src/callback.c
index 1b18b2a..f6637b3 100644
--- a/src/callback.c
+++ b/src/callback.c
@@ -48,7 +48,8 @@ static mnl_cb_t default_cb_array[NLMSG_MIN_TYPE] = {
 * mnl_cb_run2 - callback runqueue for netlink messages
 * @buf: buffer that contains the netlink messages
 * @numbytes: number of bytes stored in the buffer
- * @seq: sequence number that we expect to receive (use zero to skip)
+ * @seq: sequence number that we expect to receive
+ * @portid: Netlink PortID that we expect to receive
 * @cb_data: callback handler for data messages
 * @data: pointer to data that will be passed to the data callback handler
 * @cb_ctl_array: array of custom callback handlers from control messages
@@ -66,13 +67,18 @@ static mnl_cb_t default_cb_array[NLMSG_MIN_TYPE] = {
 * This function propagates the callback return value.
 */
 int mnl_cb_run2(const char *buf, int numbytes, unsigned int seq,
- mnl_cb_t cb_data, void *data,
+ unsigned int portid, mnl_cb_t cb_data, void *data,
 mnl_cb_t *cb_ctl_array, unsigned int cb_ctl_array_len)
 {
 int ret = MNL_CB_OK;
 struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
 while (mnl_nlmsg_ok(nlh, numbytes)) {
+ /* check message source */
+ if (!mnl_nlmsg_portid_ok(nlh, portid)) {
+ errno = EINVAL;
+ return -1;
+ }
 /* perform sequence tracking */
 if (!mnl_nlmsg_seq_ok(nlh, seq)) {
 errno = EILSEQ;
@@ -107,7 +113,8 @@ out:
 * mnl_cb_run - callback runqueue for netlink messages (simplified version)
 * @buf: buffer that contains the netlink messages
 * @numbytes: number of bytes stored in the buffer
- * @seq: sequence number that we expect to receive (use zero to skip)
+ * @seq: sequence number that we expect to receive
+ * @portid: Netlink PortID that we expect to receive
 * @cb_data: callback handler for data messages
 * @data: pointer to data that will be passed to the data callback handler
 *
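Review bot: The kernel-doc for `@seq` and `@portid` in the hunk at -48 no longer says which values bypass the comparison, while the commit description states that a message whose portid or sequence number is zero is not checked. A caller reading only this comment would assume every message is matched against the expected values. I would spell that out, e.g. ` * @portid: Netlink PortID that we expect to receive (a message with portid zero is accepted unchecked)`, with the same wording for `@seq`; the identical comment in the mnl_cb_run hunk at -107 needs it too. The helpers' bodies are outside this diff, so confirm the exact rule against mnl_nlmsg_portid_ok() and mnl_nlmsg_seq_ok() before wording it.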
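Review bot: The new `mnl_nlmsg_portid_ok(nlh, portid)` check in the `while` loop of mnl_cb_run2 (hunk at -66) is given only the message header, so it presumably compares `nlh->nlmsg_pid`, a field the sender fills in itself; on its own that does not establish who sent the datagram. The sender address returned by the receive call (`struct sockaddr_nl`, `nl_pid`) is what identifies the peer, and this function never sees it, so the comment `/* check message source */` overstates what is verified. I would reword it to something like `/* match header portid; the caller must still validate the sockaddr_nl it received from */` and state that requirement in the kernel-doc. The function body continues past the end of the hunk and the helper is defined outside this diff, so the comparison it performs should be confirmed.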
@@ -122,7 +129,7 @@ out:
 * This function propagates the callback return value.
 */
 int mnl_cb_run(const char *buf, int numbytes, unsigned int seq,
- mnl_cb_t cb_data, void *data)
+ unsigned int portid, mnl_cb_t cb_data, void *data)
 {
- return mnl_cb_run2(buf, numbytes, seq, cb_data, data, NULL, 0);
+ return mnl_cb_run2(buf, numbytes, seq, portid, cb_data, data, NULL, 0);
 }
 |
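Review bot: Inserting `portid` between `seq` and `cb_data` changes the prototype of mnl_cb_run() (and of mnl_cb_run2() in the hunk at -66) while keeping the function names, and both look like exported entry points. A caller that is not updated would pass its callback pointer in the `portid` slot and its `data` pointer as `cb_data`, which a C compiler may accept with only a conversion warning, and an already-built binary gets no diagnostic at all. The diffstat shown is limited to src/callback.c, so the public header and the library version are not visible here; confirm both are updated together with this change so stale callers fail at build or link time rather than at run time.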