From: David Stainton Date: Fri, 12 Aug 2016 22:15:21 +0000 (+0000) Subject: syscall: add bounds checking and error returns to ParseNetlinkMessage X-Git-Tag: go1.8beta1~1336 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=6fd8c006adf792e523232a026823a5444893f28f;p=gostls13.git syscall: add bounds checking and error returns to ParseNetlinkMessage Fixes #16681 Change-Id: I6ff7ec81fe48ab06be3aae5b7ff92e9dc70960c3 Reviewed-on: https://go-review.googlesource.com/26990 Run-TryBot: Mikio Hara TryBot-Result: Gobot Gobot Reviewed-by: Mikio Hara --- diff --git a/src/syscall/netlink_linux.go b/src/syscall/netlink_linux.go index 26b30403a1..1cda8c7704 100644 --- a/src/syscall/netlink_linux.go +++ b/src/syscall/netlink_linux.go @@ -129,10 +129,11 @@ func ParseNetlinkMessage(b []byte) ([]NetlinkMessage, error) { func netlinkMessageHeaderAndData(b []byte) (*NlMsghdr, []byte, int, error) { h := (*NlMsghdr)(unsafe.Pointer(&b[0])) - if int(h.Len) < NLMSG_HDRLEN || int(h.Len) > len(b) { + l := nlmAlignOf(int(h.Len)) + if int(h.Len) < NLMSG_HDRLEN || l > len(b) { return nil, nil, 0, EINVAL } - return h, b[NLMSG_HDRLEN:], nlmAlignOf(int(h.Len)), nil + return h, b[NLMSG_HDRLEN:], l, nil } // NetlinkRouteAttr represents a netlink route attribute. diff --git a/src/syscall/syscall_linux_test.go b/src/syscall/syscall_linux_test.go index 4cabf6c9c9..2c4d953561 100644 --- a/src/syscall/syscall_linux_test.go +++ b/src/syscall/syscall_linux_test.go @@ -138,3 +138,31 @@ func deathSignalChild() { fmt.Println("not ok") os.Exit(1) } + +func TestParseNetlinkMessage(t *testing.T) { + for i, b := range [][]byte{ + {103, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 2, 11, 0, 1, 0, 0, 0, 0, 5, 8, 0, 3, + 0, 8, 0, 6, 0, 0, 0, 0, 1, 63, 0, 10, 0, 69, 16, 0, 59, 39, 82, 64, 0, 64, 6, 21, 89, 127, 0, 0, + 1, 127, 0, 0, 1, 230, 228, 31, 144, 32, 186, 155, 211, 185, 151, 209, 179, 128, 24, 1, 86, + 53, 119, 0, 0, 1, 1, 8, 10, 0, 17, 234, 12, 0, 17, 189, 126, 107, 106, 108, 107, 106, 13, 10, + }, + {106, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 2, 11, 0, 1, 0, 0, 0, 0, 3, 8, 0, 3, + 0, 8, 0, 6, 0, 0, 0, 0, 1, 66, 0, 10, 0, 69, 0, 0, 62, 230, 255, 64, 0, 64, 6, 85, 184, 127, 0, 0, + 1, 127, 0, 0, 1, 237, 206, 31, 144, 73, 197, 128, 65, 250, 60, 192, 97, 128, 24, 1, 86, 253, 21, 0, + 0, 1, 1, 8, 10, 0, 51, 106, 89, 0, 51, 102, 198, 108, 104, 106, 108, 107, 104, 108, 107, 104, 10, + }, + {102, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 2, 11, 0, 1, 0, 0, 0, 0, 1, 8, 0, 3, 0, + 8, 0, 6, 0, 0, 0, 0, 1, 62, 0, 10, 0, 69, 0, 0, 58, 231, 2, 64, 0, 64, 6, 85, 185, 127, 0, 0, 1, 127, + 0, 0, 1, 237, 206, 31, 144, 73, 197, 128, 86, 250, 60, 192, 97, 128, 24, 1, 86, 104, 64, 0, 0, 1, 1, 8, + 10, 0, 52, 198, 200, 0, 51, 135, 232, 101, 115, 97, 103, 103, 10, + }, + } { + m, err := syscall.ParseNetlinkMessage(b) + if err != syscall.EINVAL { + t.Errorf("#%d: got %v; want EINVAL", i, err) + } + if m != nil { + t.Errorf("#%d: got %v; want nil", i, m) + } + } +}