link: Check buffer length when parsing NLAs

Jeff-A-Martin · cathay4t · commit a543bb770be9 · 2024-03-29T00:38:07.000+08:00
Verify the NlaBuffer has the expected size when parsing the
`IFLA_XDP_ATTACHED` and `IFLA_VLAN_QOS_MAPPING` interface NLAs. This
prevents a panic opportunity when attempting to parse malformed
interface NLAs.
diff --git a/src/link/link_info/vlan.rs b/src/link/link_info/vlan.rs
@@ -113,10 +113,17 @@ impl<'a, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'a T>>
         use VlanQosMapping::*;
         let payload = buf.value();
         Ok(match buf.kind() {
-            IFLA_VLAN_QOS_MAPPING => Mapping(
-                parse_u32(&payload[..4]).context("expected u32 from value")?,
-                parse_u32(&payload[4..]).context("expected u32 to value")?,
-            ),
+            IFLA_VLAN_QOS_MAPPING => {
+                if payload.len() != 8 {
+                    return Err("invalid IFLA_VLAN_QOS_MAPPING value".into());
+                }
+                Mapping(
+                    parse_u32(&payload[..4])
+                        .context("expected u32 from value")?,
+                    parse_u32(&payload[4..])
+                        .context("expected u32 to value")?,
+                )
+            }
             kind => Other(DefaultNla::parse(buf).context(format!(
                 "unknown NLA type {kind} for VLAN QoS mapping"
             ))?),
diff --git a/src/link/xdp.rs b/src/link/xdp.rs
@@ -6,7 +6,7 @@ use anyhow::Context;
 use byteorder::{ByteOrder, NativeEndian};
 use netlink_packet_utils::{
     nla::{DefaultNla, Nla, NlaBuffer, NlasIterator},
-    parsers::{parse_i32, parse_u32},
+    parsers::{parse_i32, parse_u32, parse_u8},
     DecodeError, Parseable,
 };
 
@@ -98,10 +98,11 @@ impl<'a, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'a T>> for LinkXdp {
             IFLA_XDP_FD => Self::Fd(
                 parse_i32(payload).context("invalid IFLA_XDP_FD value")?,
             ),
-            IFLA_XDP_ATTACHED => Self::Attached(
-                XdpAttached::try_from(payload[0])
-                    .context("invalid IFLA_XDP_ATTACHED value")?,
-            ),
+            IFLA_XDP_ATTACHED => {
+                let err = "invalid IFLA_XDP_ATTACHED value";
+                let value = parse_u8(payload).context(err)?;
+                Self::Attached(XdpAttached::try_from(value).context(err)?)
+            }
             IFLA_XDP_FLAGS => Self::Flags(
                 parse_u32(payload).context("invalid IFLA_XDP_FLAGS value")?,
             ),
