Improve netlink interface code and packet validation #123

@penguin359

Description

The current logic for using netlink(7) sockets and parsing packets does not do proper validation on the length of the received packet. The parsing code uses libnl to parse the packets, but calls into nlmsg_parse() directly without first validating the packet with nlmsg_ok(). Because recv(2) defaults to silently truncating netlink packets that are larger than the received buffer, we may receive a packet with too many attributes that extends beyond the buffer we passed in. When we begin to parse the packet, we may end up doing an out-of-bounds memory access due to this. The nlmsg_parse() API function does not take in the whole packet length as a parameter and assumes the packet was already validated with nlmsg_ok() or similar logic. This bug occurs at least twice in lldp_util.c and also in qbg/vdpnl.c. Part of this is currently being fixed in PR #122. Further use of netlink should be investigated as well.

The documentation for libnl at https://www.infradead.org/~tgr/libnl/doc/core.html might be worth a read and perhaps we should be using more of the library to handle some of the logic we are already doing. For example, some of the logic proposed to allocate buffers is provided by nl_recv().
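Added example, not the project's code and not part of this issue: the two checks the description calls for, written against the Linux uapi netlink macros rather than libnl so it runs without the library (NLMSG_OK() is the kernel-header counterpart of libnl's nlmsg_ok(); the peek/grow pattern is what nl_recv() does internally). All function and struct names are this example's own, and the two sample messages are constructed in memory; the recv-side helpers take a socket descriptor but are not exercised on a real socket here.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/netlink.h>

/* Outcome of validating one receive buffer (names are this example's own). */
struct nl_walk_result {
    int complete;   /* messages that passed NLMSG_OK() */
    int truncated;  /* 1 if bytes were left over that do not form a whole message */
};

/*
 * Check every message header with NLMSG_OK() before anything reads a payload.
 * NLMSG_OK() confirms that a full nlmsghdr fits in the remaining bytes, that
 * nlmsg_len covers at least a header, and that nlmsg_len does not reach past
 * the end of the buffer.  Only a message that passes may be handed to a
 * payload/attribute parser such as nlmsg_parse(), which trusts nlmsg_len.
 */
struct nl_walk_result walk_netlink_buffer(void *buf, size_t len)
{
    struct nl_walk_result r = { 0, 0 };
    struct nlmsghdr *nlh = buf;
    int remaining = (int)len;           /* NLMSG_OK/NLMSG_NEXT want an int lvalue */

    while (NLMSG_OK(nlh, remaining)) {
        r.complete++;
        if (nlh->nlmsg_type == NLMSG_DONE)
            return r;                   /* end of a multi-part reply */
        nlh = NLMSG_NEXT(nlh, remaining);   /* also subtracts from `remaining` */
    }
    /* Leftover bytes are a cut-off message (truncating recv() or a malformed
     * sender) and must not be parsed. */
    if (remaining > 0)
        r.truncated = 1;
    return r;
}

/* Size of the next queued datagram without dequeuing it: with MSG_TRUNC,
 * recv() reports the real length even though the buffer is one byte. */
ssize_t peek_netlink_size(int fd)
{
    char probe[1];
    return recv(fd, probe, sizeof probe, MSG_PEEK | MSG_TRUNC);
}

/* Receive one datagram and refuse it if the kernel had to cut it down to
 * `cap` bytes.  A plain recv() hands back the first `cap` bytes with no sign
 * that the rest was dropped; recvmsg() reports that in msg_flags. */
ssize_t recv_netlink_untruncated(int fd, void *buf, size_t cap)
{
    struct sockaddr_nl from = { 0 };
    struct iovec iov = { .iov_base = buf, .iov_len = cap };
    struct msghdr msg = {
        .msg_name = &from, .msg_namelen = sizeof from,
        .msg_iov = &iov, .msg_iovlen = 1,
    };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    if (msg.msg_flags & MSG_TRUNC) {
        errno = EMSGSIZE;               /* caller: grow the buffer (see peek) and retry */
        return -1;
    }
    return n;
}

/* Constructed sample: two messages of 20 and 80 bytes (100 bytes total).
 * Returns the full size; walking fewer "received" bytes models a recv()
 * that silently truncated the datagram. */
size_t build_sample_messages(unsigned char *buf, size_t cap)
{
    struct nlmsghdr *m1, *m2;
    if (cap < 100)
        return 0;
    memset(buf, 0, cap);
    m1 = (struct nlmsghdr *)buf;
    m1->nlmsg_len = NLMSG_LENGTH(4);    /* 16-byte header + 4 payload bytes */
    m1->nlmsg_type = NLMSG_NOOP;
    m1->nlmsg_seq = 1;
    m2 = (struct nlmsghdr *)(buf + NLMSG_ALIGN(m1->nlmsg_len));
    m2->nlmsg_len = NLMSG_LENGTH(64);   /* header + 64 payload bytes */
    m2->nlmsg_type = NLMSG_NOOP;
    m2->nlmsg_seq = 2;
    return NLMSG_ALIGN(m1->nlmsg_len) + NLMSG_ALIGN(m2->nlmsg_len);
}

/* Run the walker over the sample as if `received` bytes had come back. */
int sample_complete_count(size_t received)
{
    unsigned char buf[128];
    build_sample_messages(buf, sizeof buf);
    return walk_netlink_buffer(buf, received).complete;
}

int sample_truncated_flag(size_t received)
{
    unsigned char buf[128];
    build_sample_messages(buf, sizeof buf);
    return walk_netlink_buffer(buf, received).truncated;
}

int main(void)
{
    size_t received[] = { 100, 40, 10 };
    for (size_t i = 0; i < 3; i++)
        printf("recv() returned %3zu bytes: %d complete message(s), truncated=%d\n",
               received[i], sample_complete_count(received[i]),
               sample_truncated_flag(received[i]));
    return 0;
}
```

With all 100 bytes the walker accepts both messages; with 40 bytes the second header claims 80 bytes but only 20 remain, so it is rejected and flagged as truncated instead of being parsed past the end of the buffer. On a live socket, pairing recv_netlink_untruncated() with peek_netlink_size() gives the same guarantee that libnl's nl_recv() provides when it peeks and resizes.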
