On Fri, Apr 05, 2019 at 11:24:14PM +0200, Johannes Berg wrote:
> From: Johannes Berg <johannes.b...@intel.com>
>
> Now that we have nested policies, we can theoretically
> recurse forever parsing attributes if a (sub-)policy
> refers back to a higher level one. This is a situation
> that has happened in nl80211, and we've avoided it there
> by not linking it.
>
> Add some code to netlink parsing to limit recursion depth,
> allowing us to safely change nl80211 to actually link the
> nested policy, which in turn allows some code cleanups.
>
> Signed-off-by: Johannes Berg <johannes.b...@intel.com>
> ---
> lib/nlattr.c | 46 +++++++++++++++++++++++++++++++-----------
> net/wireless/nl80211.c | 10 ++++-----
> net/wireless/nl80211.h | 2 --
> net/wireless/pmsr.c | 3 +--
> 4 files changed, 39 insertions(+), 22 deletions(-)
>
> diff --git a/lib/nlattr.c b/lib/nlattr.c
> index baf27844ecc8..bc41d3d96945 100644
> --- a/lib/nlattr.c
> +++ b/lib/nlattr.c
> @@ -44,6 +44,20 @@ static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
> [NLA_S64] = sizeof(s64),
> };
>
> +/*
> + * Nested policies might refer back to the original
> + * policy in some cases, and userspace could try to
> + * abuse that and recurse by nesting in the right
> + * ways. Limit recursion to avoid this problem.
> + */
> +#define MAX_POLICY_RECURSION_DEPTH 10
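Review bot: the comment above MAX_POLICY_RECURSION_DEPTH names the hazard (a nested policy that refers back to a higher-level one, driven by userspace-controlled nesting) but not what the limit counts or how hitting it is reported, and the rest of the lib/nlattr.c change that enforces it is not visible in this hunk. Suggest extending the comment to say that the depth is the number of nested-policy descents taken while validating one message, that exceeding it rejects the message as an error rather than silently truncating validation, and why 10 is enough for the current in-tree users (nl80211 is the one named in the commit message), so that a future policy that legitimately nests deeper is not rejected without a documented reason.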
In your policy description approach, you iterate over the policy structures. How do you deal with this recursion from there?