From fad5734995e3fba428ce5e4131389c4fff0610ab Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Sat, 14 Oct 2023 14:47:35 +0200
Subject: [PATCH] netlink: descend into nested parsers when verifying

When we verify that the attributes are correctly sorted we should also
try to verify the nested attribute parsers.

Reviewed by:	melifaro
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D42222
---
 sys/netlink/netlink_message_parser.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/netlink/netlink_message_parser.h b/sys/netlink/netlink_message_parser.h
index 517f3ebd49f..c682973d3e3 100644
--- a/sys/netlink/netlink_message_parser.h
+++ b/sys/netlink/netlink_message_parser.h
@@ -289,6 +289,14 @@ nl_verify_parsers(const struct nlhdr_parser **parser, int count)
 		for (int j = 0; j < p->np_size; j++) {
 			MPASS(p->np[j].type > attr_type);
 			attr_type = p->np[j].type;
+
+			/* Recurse into nested objects. */
+			if (p->np[j].cb == nlattr_get_nested ||
+			    p->np[j].cb == nlattr_get_nested_ptr) {
+				const struct nlhdr_parser *np =
+				    (const struct nlhdr_parser *)p->np[j].arg;
+				nl_verify_parsers(&np, 1);
+			}
 		}
 	}
 #endif