Merge branch 'main' into ipvlan_flag

Author: xujunjie-cover

src/link/af_spec/unspec.rs

@@ -56,16 +56,22 @@ impl<'a, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'a T>>
             nlas.push(match nla.kind() {
                 k if k == u8::from(AddressFamily::Inet) as u16 => {
                     AfSpecUnspec::Inet(
-                        VecAfSpecInet::parse(&NlaBuffer::new(&nla.value()))
-                            .context(err)?
-                            .0,
+                        VecAfSpecInet::parse(
+                            &NlaBuffer::new_checked(&nla.value())
+                                .context(err)?,
+                        )
+                        .context(err)?
+                        .0,
                     )
                 }
                 k if k == u8::from(AddressFamily::Inet6) as u16 => {
                     AfSpecUnspec::Inet6(
-                        VecAfSpecInet6::parse(&NlaBuffer::new(&nla.value()))
-                            .context(err)?
-                            .0,
+                        VecAfSpecInet6::parse(
+                            &NlaBuffer::new_checked(&nla.value())
+                                .context(err)?,
+                        )
+                        .context(err)?
+                        .0,
                     )
                 }
                 kind => AfSpecUnspec::Other(DefaultNla::parse(&nla).context(

src/link/attribute.rs

@@ -373,20 +373,41 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
     ) -> Result<Self, DecodeError> {
         let payload = buf.value();
         Ok(match buf.kind() {
-            IFLA_VFINFO_LIST => Self::VfInfoList(
-                VecLinkVfInfo::parse(&NlaBuffer::new(payload))
-                    .context(format!("invalid IFLA_VFINFO_LIST {payload:?}"))?
+            IFLA_VFINFO_LIST => {
+                let err =
+                    |payload| format!("invalid IFLA_VFINFO_LIST {payload:?}");
+                Self::VfInfoList(
+                    VecLinkVfInfo::parse(
+                        &NlaBuffer::new_checked(payload)
+                            .context(err(payload))?,
+                    )
+                    .context(err(payload))?
                     .0,
-            ),
-            IFLA_VF_PORTS => Self::VfPorts(
-                VecLinkVfPort::parse(&NlaBuffer::new(payload))
-                    .context(format!("invalid IFLA_VF_PORTS {payload:?}"))?
+                )
+            }
+            IFLA_VF_PORTS => {
+                let err =
+                    |payload| format!("invalid IFLA_VF_PORTS {payload:?}");
+                Self::VfPorts(
+                    VecLinkVfPort::parse(
+                        &NlaBuffer::new_checked(payload)
+                            .context(err(payload))?,
+                    )
+                    .context(err(payload))?
                     .0,
-            ),
-            IFLA_PORT_SELF => Self::PortSelf(
-                LinkVfPort::parse(&NlaBuffer::new(payload))
-                    .context(format!("invalid IFLA_PORT_SELF {payload:?}"))?,
-            ),
+                )
+            }
+            IFLA_PORT_SELF => {
+                let err =
+                    |payload| format!("invalid IFLA_PORT_SELF {payload:?}");
+                Self::PortSelf(
+                    LinkVfPort::parse(
+                        &NlaBuffer::new_checked(payload)
+                            .context(err(payload))?,
+                    )
+                    .context(err(payload))?,
+                )
+            }
             IFLA_PHYS_PORT_ID => {
                 Self::PhysPortId(LinkPhysId::parse(payload).context(
                     format!("invalid IFLA_PHYS_PORT_ID value {payload:?}"),
@@ -401,29 +422,37 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
                 LinkWirelessEvent::parse(payload)
                     .context(format!("invalid IFLA_WIRELESS {payload:?}"))?,
             ),
-            IFLA_PROTINFO => match interface_family {
-                AddressFamily::Inet6 => Self::ProtoInfoInet6(
-                    VecLinkProtoInfoInet6::parse(&NlaBuffer::new(payload))
-                        .context(format!(
-                            "invalid IFLA_PROTINFO for AF_INET6 {payload:?}"
-                        ))?
+            IFLA_PROTINFO => {
+                let err = |payload| {
+                    format!("invalid IFLA_PROTINFO for AF_INET6 {payload:?}")
+                };
+                match interface_family {
+                    AddressFamily::Inet6 => Self::ProtoInfoInet6(
+                        VecLinkProtoInfoInet6::parse(
+                            &NlaBuffer::new_checked(payload)
+                                .context(err(payload))?,
+                        )
+                        .context(err(payload))?
                         .0,
-                ),
-                #[cfg(any(target_os = "linux", target_os = "fuchsia",))]
-                AddressFamily::Bridge => Self::ProtoInfoBridge(
-                    VecLinkProtoInfoBridge::parse(&NlaBuffer::new(payload))
+                    ),
+                    #[cfg(any(target_os = "linux", target_os = "fuchsia",))]
+                    AddressFamily::Bridge => Self::ProtoInfoBridge(
+                        VecLinkProtoInfoBridge::parse(&NlaBuffer::new_checked(
+                            payload,
+                        )?)
                         .context(format!(
                             "invalid IFLA_PROTINFO for AF_INET6 {payload:?}"
                         ))?
                         .0,
-                ),
-                _ => Self::ProtoInfoUnknown(DefaultNla::parse(buf).context(
-                    format!(
-                        "invalid IFLA_PROTINFO for \
+                    ),
+                    _ => Self::ProtoInfoUnknown(
+                        DefaultNla::parse(buf).context(format!(
+                            "invalid IFLA_PROTINFO for \
                         {interface_family:?}: {payload:?}"
+                        ))?,
                     ),
-                )?),
-            },
+                }
+            }
             IFLA_EVENT => Self::Event(
                 LinkEvent::parse(payload)
                     .context(format!("invalid IFLA_EVENT {payload:?}"))?,
@@ -565,10 +594,17 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
                     .context("invalid IFLA_OPERSTATE value")?
                     .into(),
             ),
-            IFLA_MAP => Self::Map(
-                super::Map::parse(&MapBuffer::new(payload))
-                    .context(format!("Invalid IFLA_MAP value {:?}", payload))?,
-            ),
+            IFLA_MAP => {
+                let err =
+                    |payload| format!("Invalid IFLA_MAP value {:?}", payload);
+                Self::Map(
+                    super::Map::parse(
+                        &MapBuffer::new_checked(payload)
+                            .context(err(payload))?,
+                    )
+                    .context(err(payload))?,
+                )
+            }
             IFLA_STATS => Self::Stats(
                 super::Stats::parse(&StatsBuffer::new(
                     expand_buffer_if_small(
@@ -597,24 +633,41 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
                 )
             }
             IFLA_AF_SPEC => match interface_family {
-                AddressFamily::Unspec => Self::AfSpecUnspec(
-                    VecAfSpecUnspec::parse(&NlaBuffer::new(&buf.value()))
-                        .context("invalid IFLA_AF_SPEC value for AF_UNSPEC")?
+                AddressFamily::Unspec => {
+                    let err = "invalid IFLA_AF_SPEC value for AF_UNSPEC";
+                    Self::AfSpecUnspec(
+                        VecAfSpecUnspec::parse(
+                            &NlaBuffer::new_checked(&buf.value())
+                                .context(err)?,
+                        )
+                        .context(err)?
                         .0,
-                ),
+                    )
+                }
                 #[cfg(any(target_os = "linux", target_os = "fuchsia",))]
-                AddressFamily::Bridge => Self::AfSpecBridge(
-                    VecAfSpecBridge::parse(&NlaBuffer::new(&buf.value()))
-                        .context("invalid IFLA_AF_SPEC value for AF_BRIDGE")?
+                AddressFamily::Bridge => {
+                    let err = "invalid IFLA_AF_SPEC value for AF_BRIDGE";
+                    Self::AfSpecBridge(
+                        VecAfSpecBridge::parse(
+                            &NlaBuffer::new_checked(&buf.value())
+                                .context(err)?,
+                        )
+                        .context(err)?
                         .0,
-                ),
+                    )
+                }
                 _ => Self::AfSpecUnknown(payload.to_vec()),
             },
-            IFLA_LINKINFO => Self::LinkInfo(
-                VecLinkInfo::parse(&NlaBuffer::new(&buf.value()))
-                    .context("invalid IFLA_LINKINFO value")?
+            IFLA_LINKINFO => {
+                let err = "invalid IFLA_LINKINFO value";
+                Self::LinkInfo(
+                    VecLinkInfo::parse(
+                        &NlaBuffer::new_checked(&buf.value()).context(err)?,
+                    )
+                    .context(err)?
                     .0,
-            ),
+                )
+            }
             IFLA_XDP => {
                 let err = "invalid IFLA_XDP value";
                 let buf = NlaBuffer::new_checked(payload).context(err)?;

src/link/sriov/vf_list.rs

@@ -31,7 +31,9 @@ impl<'a, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'a T>>
                 buf.value()
             ))?;
             if nla.kind() == IFLA_VF_INFO {
-                nlas.push(LinkVfInfo::parse(&NlaBuffer::new(nla.value()))?);
+                nlas.push(LinkVfInfo::parse(&NlaBuffer::new_checked(
+                    nla.value(),
+                )?)?);
             } else {
                 log::warn!(
                     "BUG: Expecting IFLA_VF_INFO in IFLA_VFINFO_LIST, \

src/link/sriov/vf_port.rs

@@ -20,7 +20,9 @@ impl<'a, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'a T>>
                 buf.value()
             ))?;
             if nla.kind() == IFLA_VF_PORT {
-                nlas.push(LinkVfPort::parse(&NlaBuffer::new(nla.value()))?);
+                nlas.push(LinkVfPort::parse(&NlaBuffer::new_checked(
+                    nla.value(),
+                )?)?);
             } else {
                 log::warn!(
                     "BUG: Expecting IFLA_VF_PORT in IFLA_VF_PORTS, \

src/neighbour_table/attribute.rs

@@ -110,11 +110,17 @@ impl<'a, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'a T>>
                 )
                 .context(format!("invalid NDTA_STATS {payload:?}"))?,
             ),
-            NDTA_PARMS => Self::Parms(
-                VecNeighbourTableParameter::parse(&NlaBuffer::new(payload))
-                    .context(format!("invalid NDTA_PARMS {payload:?}"))?
+            NDTA_PARMS => {
+                let err = |payload| format!("invalid NDTA_PARMS {payload:?}");
+                Self::Parms(
+                    VecNeighbourTableParameter::parse(
+                        &NlaBuffer::new_checked(payload)
+                            .context(err(payload))?,
+                    )
+                    .context(err(payload))?
                     .0,
-            ),
+                )
+            }
             NDTA_GC_INTERVAL => Self::GcInterval(
                 parse_u64(payload).context("invalid NDTA_GC_INTERVAL value")?,
             ),

src/route/next_hops.rs

@@ -63,7 +63,7 @@ impl<T: AsRef<[u8]>> RouteNextHopBuffer<T> {
             return Err(format!(
                 "invalid RouteNextHopBuffer: length {} < {}",
                 len,
-                8 + self.length()
+                self.length(),
             )
             .into());
         }

src/route/tests/route_flags.rs

@@ -8,7 +8,7 @@ use netlink_packet_utils::traits::{Emitable, Parseable};
 use crate::route::flags::RouteFlags;
 use crate::route::{
     RouteAttribute, RouteHeader, RouteMessage, RouteMessageBuffer,
-    RouteProtocol, RouteScope, RouteType,
+    RouteNextHopBuffer, RouteProtocol, RouteScope, RouteType,
 };
 use crate::AddressFamily;
 
@@ -54,3 +54,15 @@ fn test_ipv6_add_route_onlink() {
 
     assert_eq!(buf, raw);
 }
+
+// Verify that [`RouteNextHopBuffer`] rejects the buffer when provided with
+// an invalid length.
+#[test]
+fn test_next_hop_max_buffer_len() {
+    // Route next-hop buffer layout:
+    // |byte0|byte1|byte2|byte3|byte4|byte5|byte6|byte7|bytes8+|
+    // |-----|-----|-----|-----|-----|-----|-----|-----|-------|
+    // |  length   |flags|hops |    Interface Index    |Payload|
+    let buffer = [0xff, 0xff, 0, 0, 0, 0, 0, 0];
+    assert!(RouteNextHopBuffer::new_checked(buffer).is_err());
+}

src/tc/filters/cls_u32.rs

@@ -177,7 +177,7 @@ pub struct TcU32Selector {
     pub keys: Vec<TcU32Key>,
 }
 
-buffer!(TcU32SelectorBuffer(TC_U32_SEL_BUF_LEN) {
+buffer!(TcU32SelectorBuffer {
     flags: (u8, 0),
     offshift: (u8, 1),
     nkeys: (u8, 2),
@@ -190,6 +190,35 @@ buffer!(TcU32SelectorBuffer(TC_U32_SEL_BUF_LEN) {
     keys: (slice, TC_U32_SEL_BUF_LEN..),
 });
 
+impl<T: AsRef<[u8]>> TcU32SelectorBuffer<T> {
+    pub fn new_checked(buffer: T) -> Result<Self, DecodeError> {
+        let packet = Self::new(buffer);
+        packet.check_buffer_length()?;
+        Ok(packet)
+    }
+
+    fn check_buffer_length(&self) -> Result<(), DecodeError> {
+        let len = self.buffer.as_ref().len();
+        if len < TC_U32_SEL_BUF_LEN {
+            return Err(format!(
+                "invalid TcU32SelectorBuffer: length {len} < {TC_U32_SEL_BUF_LEN}"
+            )
+            .into());
+        }
+        // Expect the buffer to be large enough to hold `nkeys`.
+        let expected_len =
+            ((self.nkeys() as usize) * TC_U32_KEY_BUF_LEN) + TC_U32_SEL_BUF_LEN;
+        if len < expected_len {
+            return Err(format!(
+                "invalid RouteNextHopBuffer: length {} < {}",
+                len, expected_len,
+            )
+            .into());
+        }
+        Ok(())
+    }
+}
+
 impl Emitable for TcU32Selector {
     fn buffer_len(&self) -> usize {
         TC_U32_SEL_BUF_LEN + (self.nkeys as usize * TC_U32_KEY_BUF_LEN)

src/tc/filters/mod.rs

@@ -6,6 +6,7 @@ mod u32_flags;
 
 pub use self::cls_u32::{
     TcFilterU32, TcFilterU32Option, TcU32Key, TcU32Selector,
+    TcU32SelectorBuffer,
 };
 pub use self::matchall::{TcFilterMatchAll, TcFilterMatchAllOption};
 pub use u32_flags::{TcU32OptionFlags, TcU32SelectorFlags};

src/tc/mod.rs

@@ -20,7 +20,8 @@ pub use self::actions::{
 pub use self::attribute::TcAttribute;
 pub use self::filters::{
     TcFilterMatchAll, TcFilterMatchAllOption, TcFilterU32, TcFilterU32Option,
-    TcU32Key, TcU32OptionFlags, TcU32Selector, TcU32SelectorFlags,
+    TcU32Key, TcU32OptionFlags, TcU32Selector, TcU32SelectorBuffer,
+    TcU32SelectorFlags,
 };
 pub use self::header::{TcHandle, TcHeader, TcMessageBuffer};
 pub use self::message::TcMessage;

src/tc/tests/filter_u32.rs

@@ -9,6 +9,7 @@ use crate::{
         filters::{TcU32OptionFlags, TcU32SelectorFlags},
         TcAttribute, TcFilterU32Option, TcHandle, TcHeader, TcMessage,
         TcMessageBuffer, TcOption, TcU32Key, TcU32Selector,
+        TcU32SelectorBuffer,
     },
     AddressFamily,
 };
@@ -112,3 +113,23 @@ fn test_get_filter_u32() {
 
     assert_eq!(buf, raw);
 }
+
+// Verify that [`TcU32Selector`] fails to parse a buffer with an
+// invalid number of keys.
+#[test]
+fn test_tcu32_selector_invalid_nkeys() {
+    // TC u32 selector buffer layout:
+    // |byte0|byte1|byte2|byte3|byte4|byte5|byte6|byte7|
+    // |-----|-----|-----|-----|-----|-----|-----|-----|
+    // |flags|shift|nkeys|pad  |  offmask  |    off    |
+    // |-----|-----|-----|-----|-----|-----|-----|-----|
+    // |   offoff  |   hoff    |         hmask         |
+    // |-----|-----|-----|-----|-----|-----|-----|-----|
+    // |                     keys                      |
+    // |                      ...                      |
+    let buffer = [
+        0x00, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00,
+    ];
+    assert!(TcU32SelectorBuffer::new_checked(buffer).is_err());
+}