On 9/28/18 12:41 PM, Christian Brauner wrote:
>> @@ -1683,15 +1683,45 @@ static int inet_dump_ifaddr(struct sk_buff *skb,
>> struct netlink_callback *cb)
>> s_idx = idx = cb->args[1];
>> s_ip_idx = ip_idx = cb->args[2];
>>
>> - if (nlmsg_parse(cb->nlh, sizeof(struct ifaddrmsg), tb, IFA_MAX,
>> - ifa_ipv4_policy, NULL) >= 0) {
>> - if (tb[IFA_TARGET_NETNSID]) {
>> - fillargs.netnsid = nla_get_s32(tb[IFA_TARGET_NETNSID]);
>> + if (nlh->nlmsg_flags & NLM_F_DUMP_PROPER_HDR) {
>> + struct nlattr *tb[IFA_MAX+1];
>> + struct ifaddrmsg *ifm;
>> + int err, i;
>> +
>> + if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
>> + NL_SET_ERR_MSG(extack, "Invalid header");
>> + return -EINVAL;
>> + }
>> +
>> + ifm = (struct ifaddrmsg *) nlmsg_data(cb->nlh);
>> + if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
>> + NL_SET_ERR_MSG(extack, "Invalid values in header for
>> dump request");
>> + return -EINVAL;
>> + }
>> + if (ifm->ifa_index) {
>> + NL_SET_ERR_MSG(extack, "Filter by device index not
>> supported");
>> + return -EINVAL;
>> + }
>> + err = nlmsg_parse(cb->nlh, sizeof(struct ifaddrmsg), tb,
>> IFA_MAX,
>> + ifa_ipv4_policy, NULL);
>> + if (err < 0)
>> + return err;
>>
>> - tgt_net = rtnl_get_net_ns_capable(skb->sk,
>> - fillargs.netnsid);
>> - if (IS_ERR(tgt_net))
>> - return PTR_ERR(tgt_net);
>> + for (i = 0; i < IFA_MAX; ++i) {
>> + if (i == IFA_TARGET_NETNSID) {
>> + fillargs.netnsid = nla_get_s32(tb[i]);
>> +
>> + tgt_net = rtnl_get_net_ns_capable(skb->sk,
>> +
>> fillargs.netnsid);
>> + if (IS_ERR(tgt_net))
>> + return PTR_ERR(tgt_net);
>> +
>> + fillargs.flags |= NLM_F_DUMP_FILTERED;
>> + }
>> + if (tb[i]) {
>> + NL_SET_ERR_MSG(extack, "Unsupported attribute
>> in dump request");
>> + return -EINVAL;
>> + }
>
> That loop doesn't do what it promises, no? Shouldn't it be:
You're right, that should be:

	} else if (tb[i]) {