net: limit altnames to 64k total

Property list (altname is a link "property") is wrapped
in a nlattr. nlattrs length is 16bit so practically
speaking the list of properties can't be longer than
that, otherwise user space would have to interpret
broken netlink messages.

Prevent the problem from occurring by checking the length
of the property list before adding new entries.

Reported-by: George Shuklin <george.shuklin@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index aa05e89cc47c1bb010e8dbc05f3666ed06b1275f..159c9c61e6af353cadbdbb03281d2271d36f7e71 100644 (file)
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -3652,12 +3652,23 @@ static int rtnl_alt_ifname(int cmd, struct net_device *dev, struct nlattr *attr,
                           bool *changed, struct netlink_ext_ack *extack)
 {
        char *alt_ifname;
+       size_t size;
        int err;
 
        err = nla_validate(attr, attr->nla_len, IFLA_MAX, ifla_policy, extack);
        if (err)
                return err;
 
+       if (cmd == RTM_NEWLINKPROP) {
+               size = rtnl_prop_list_size(dev);
+               size += nla_total_size(ALTIFNAMSIZ);
+               if (size >= U16_MAX) {
+                       NL_SET_ERR_MSG(extack,
+                                      "effective property list too long");
+                       return -EINVAL;
+               }
+       }
+
        alt_ifname = nla_strdup(attr, GFP_KERNEL_ACCOUNT);
        if (!alt_ifname)
                return -ENOMEM;