| /**************************************************************************** |
| * net/netlink/netlink_attr.c |
| * |
| * SPDX-License-Identifier: Apache-2.0 |
| * |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. The |
| * ASF licenses this file to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance with the |
| * License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| * License for the specific language governing permissions and limitations |
| * under the License. |
| * |
| ****************************************************************************/ |
| |
| /**************************************************************************** |
| * Included Files |
| ****************************************************************************/ |
| |
| #include <nuttx/config.h> |
| |
| #include <sys/types.h> |
| #include <string.h> |
| #include <assert.h> |
| #include <errno.h> |
| #include <debug.h> |
| |
| #include <nuttx/sched.h> |
| #include <nuttx/net/netlink.h> |
| |
| #include "netlink.h" |
| |
| /**************************************************************************** |
| * Private Data |
| ****************************************************************************/ |
| |
| #ifdef CONFIG_NETLINK_VALIDATE_POLICY |
| static const uint8_t g_nla_attr_len[NLA_TYPE_MAX + 1] = |
| { |
| 0, |
| sizeof(uint8_t), |
| sizeof(uint16_t), |
| sizeof(uint32_t), |
| sizeof(uint64_t), |
| 0, 0, 0, 0, 0, 0, 0, |
| sizeof(int8_t), |
| sizeof(int16_t), |
| sizeof(int32_t), |
| sizeof(int64_t), |
| }; |
| |
| static const uint8_t g_nla_attr_minlen[NLA_TYPE_MAX + 1] = |
| { |
| 0, |
| sizeof(uint8_t), |
| sizeof(uint16_t), |
| sizeof(uint32_t), |
| sizeof(uint64_t), |
| 0, 0, |
| sizeof(uint64_t), |
| NLA_HDRLEN, |
| 0, 0, 0, |
| sizeof(int8_t), |
| sizeof(int16_t), |
| sizeof(int32_t), |
| sizeof(int64_t), |
| }; |
| |
| /**************************************************************************** |
| * Private Functions |
| ****************************************************************************/ |
| |
| static int validate_nla_bitfield32(FAR const struct nlattr *nla, |
| FAR uint32_t *valid_flags_mask) |
| { |
| FAR const struct nla_bitfield32 *bf = nla_data(nla); |
| |
| if (!valid_flags_mask) |
| { |
| return -EINVAL; |
| } |
| |
| /* disallow invalid bit selector */ |
| |
| if (bf->selector & ~*valid_flags_mask) |
| { |
| return -EINVAL; |
| } |
| |
| /* disallow invalid bit values */ |
| |
| if (bf->value & ~*valid_flags_mask) |
| { |
| return -EINVAL; |
| } |
| |
| /* disallow valid bit values that are not selected */ |
| |
| if (bf->value & ~bf->selector) |
| { |
| return -EINVAL; |
| } |
| |
| return 0; |
| } |
| |
| static int validate_nla(FAR const struct nlattr *nla, int maxtype, |
| FAR const struct nla_policy *policy) |
| { |
| FAR const struct nla_policy *pt; |
| int minlen = 0; |
| int attrlen = nla_len(nla); |
| int type = nla_type(nla); |
| |
| if (type <= 0 || type > maxtype) |
| { |
| return -EINVAL; |
| } |
| |
| pt = &policy[type]; |
| |
| DEBUGASSERT(pt->type <= NLA_TYPE_MAX); |
| |
| if (g_nla_attr_len[pt->type] && attrlen != g_nla_attr_len[pt->type]) |
| { |
| nwarn("netlink: '%d': attribute type %d has an invalid length.\n", |
| nxsched_getpid(), type); |
| return -EINVAL; |
| } |
| |
| switch (pt->type) |
| { |
| case NLA_FLAG: |
| if (attrlen > 0) |
| { |
| return -ERANGE; |
| } |
| break; |
| |
| case NLA_BITFIELD32: |
| if (attrlen != sizeof(struct nla_bitfield32)) |
| { |
| return -ERANGE; |
| } |
| |
| if (validate_nla_bitfield32(nla, pt->validation_data) != 0) |
| { |
| return -EINVAL; |
| } |
| break; |
| |
| case NLA_NUL_STRING: |
| if (pt->len) |
| { |
| minlen = MIN(attrlen, pt->len + 1); |
| } |
| else |
| { |
| minlen = attrlen; |
| } |
| |
| if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) |
| { |
| return -EINVAL; |
| } |
| |
| /* fall through */ |
| |
| case NLA_STRING: |
| if (attrlen < 1) |
| { |
| return -ERANGE; |
| } |
| |
| if (pt->len) |
| { |
| FAR char *buf = nla_data(nla); |
| |
| if (buf[attrlen - 1] == '\0') |
| { |
| attrlen--; |
| } |
| |
| if (attrlen > pt->len) |
| { |
| return -ERANGE; |
| } |
| } |
| break; |
| |
| case NLA_BINARY: |
| if (pt->len && attrlen > pt->len) |
| { |
| return -ERANGE; |
| } |
| break; |
| |
| case NLA_NESTED_COMPAT: |
| if (attrlen < pt->len) |
| { |
| return -ERANGE; |
| } |
| |
| if (attrlen < NLA_ALIGN(pt->len)) |
| { |
| break; |
| } |
| |
| if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN) |
| { |
| return -ERANGE; |
| } |
| |
| nla = nla_data(nla) + NLA_ALIGN(pt->len); |
| if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla)) |
| { |
| return -ERANGE; |
| } |
| break; |
| |
| case NLA_NESTED: |
| /* a nested attributes is allowed to be empty; if its not, |
| * it must have a size of at least NLA_HDRLEN. |
| */ |
| |
| if (attrlen == 0) |
| { |
| break; |
| } |
| |
| default: |
| if (pt->len) |
| { |
| minlen = pt->len; |
| } |
| else if (pt->type != NLA_UNSPEC) |
| { |
| minlen = g_nla_attr_minlen[pt->type]; |
| } |
| |
| if (attrlen < minlen) |
| { |
| return -ERANGE; |
| } |
| } |
| |
| return 0; |
| } |
| #else |
| # define validate_nla(nla, maxtype, policy) 0 |
| #endif |
| |
| /**************************************************************************** |
| * Public Functions |
| ****************************************************************************/ |
| |
| /**************************************************************************** |
| * Name: nla_next |
| * |
| * Description: |
| * Next netlink attribute in attribute stream. |
| * |
| * Input Parameters: |
| * nla - netlink attribute. |
| * remaining - number of bytes remaining in attribute stream. |
| * |
| * Returned Value: |
| * Returns the next netlink attribute in the attribute stream and |
| * decrements remaining by the size of the current attribute. |
| * |
| ****************************************************************************/ |
| |
| FAR struct nlattr *nla_next(FAR const struct nlattr *nla, |
| FAR int *remaining) |
| { |
| unsigned int totlen = NLA_ALIGN(nla->nla_len); |
| |
| *remaining -= totlen; |
| return (FAR struct nlattr *)((FAR char *)nla + totlen); |
| } |
| |
| /**************************************************************************** |
| * Name: nla_parse |
| * |
| * Description: |
| * Parse the nested netlink attribute. |
| * |
| ****************************************************************************/ |
| |
| int nla_parse(FAR struct nlattr **tb, int maxtype, |
| FAR const struct nlattr *head, |
| int len, FAR const struct nla_policy *policy, |
| FAR struct netlink_ext_ack *extack) |
| { |
| FAR const struct nlattr *nla; |
| int rem; |
| int err = 0; |
| |
| memset(tb, 0, sizeof(FAR struct nlattr *) * (maxtype + 1)); |
| |
| nla_for_each_attr(nla, head, len, rem) |
| { |
| uint16_t type = nla_type(nla); |
| |
| if (type > 0 && type <= maxtype) |
| { |
| err = validate_nla(nla, maxtype, policy); |
| if (err < 0) |
| { |
| nl_set_err_msg_attr(extack, nla, |
| "Attribute failed policy validation"); |
| goto errout; |
| } |
| |
| tb[type] = (FAR struct nlattr *)nla; |
| } |
| } |
| |
| if (rem > 0) |
| { |
| nwarn("netlink: %d bytes leftover after parsing attributes in " |
| "pid `%d'.\n", rem, nxsched_getpid()); |
| } |
| |
| errout: |
| return err; |
| } |
