diff mbox series

[02/26] netfilter: ipset: remove useless memset() calls

Message ID	20190625001233.22057-3-pablo@netfilter.org
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 400054265A31; Tue, 25 Jun 2019 02:12:41 +0200 (CEST) From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 02/26] netfilter: ipset: remove useless memset() calls Date: Tue, 25 Jun 2019 02:12:09 +0200 Message-Id: <20190625001233.22057-3-pablo@netfilter.org> In-Reply-To: <20190625001233.22057-1-pablo@netfilter.org> References: <20190625001233.22057-1-pablo@netfilter.org> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	[01/26] netfilter: ipv6: Fix undefined symbol nf_ct_frag6_gather \| expand [01/26] netfilter: ipv6: Fix undefined symbol nf_ct_frag6_gather [02/26] netfilter: ipset: remove useless memset() calls [03/26] netfilter: ipset: merge uadd and udel functions [04/26] netfilter: ipset: fix a missing check of nla_parse [05/26] netfilter: ipset: Fix the last missing check of nla_parse_deprecated() [06/26] netfilter: ipset: Fix error path in set_target_v3_checkentry() [07/26] ipset: Fix memory accounting for hash types on resize [08/26] Update my email address [09/26] netfilter: nft_ct: add ct expectations support [10/26] netfilter: conntrack: small conntrack lookup optimization [11/26] netfilter: xt_owner: bail out with EINVAL in case of unsupported flags [12/26] netfilter: bridge: port sysctls to use brnf_net [13/26] netfilter: bridge: namespace bridge netfilter sysctls [14/26] netfilter: synproxy: add common uapi for SYNPROXY infrastructure [15/26] netfilter: synproxy: remove module dependency on IPv6 SYNPROXY [16/26] netfilter: synproxy: extract SYNPROXY infrastructure from {ipt, ip6t}_SYNPROXY [17/26] netfilter: synproxy: ensure zero is returned on non-error return path [18/26] netfilter: nft_ct: fix null pointer in ct expectations support [19/26] netfilter: nf_tables: enable set expiration time for set elements [20/26] netfilter: synproxy: fix building syncookie calls [21/26] netfilter: synproxy: use nf_cookie_v6_check() from core [22/26] netfilter: bridge: prevent UAF in brnf_exit_net() [23/26] netfilter: fix nf_conntrack_bridge/ipv6 link error [24/26] netfilter: bridge: Fix non-untagged fragment packet [25/26] netfilter: synproxy: fix manual bump of the reference counter [26/26] netfilter: nf_tables: add support for matching IPv4 options

Commit Message

Pablo Neira Ayuso June 25, 2019, 12:12 a.m. UTC

From: Florent Fourcot <florent.fourcot@wifirst.fr>

One of the memset call is buggy: it does not erase full array, but only pointer size.
Moreover, after a check, first step of nla_parse_nested/nla_parse is to
erase tb array as well. We can remove both calls safely.

Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
 net/netfilter/ipset/ip_set_core.c | 2 --
 1 file changed, 2 deletions(-)

diff mbox series

Patch

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 3f4a4936f63c..faddcf398b73 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1599,7 +1599,6 @@  static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb,
 		int nla_rem;
 
 		nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) {
-			memset(tb, 0, sizeof(tb));
 			if (nla_type(nla) != IPSET_ATTR_DATA ||
 			    !flag_nested(nla) ||
 			    nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, nla, set->type->adt_policy, NULL))
@@ -1651,7 +1650,6 @@  static int ip_set_udel(struct net *net, struct sock *ctnl, struct sk_buff *skb,
 		int nla_rem;
 
 		nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) {
-			memset(tb, 0, sizeof(*tb));
 			if (nla_type(nla) != IPSET_ATTR_DATA ||
 			    !flag_nested(nla) ||
 			    nla_parse_nested_deprecated(tb, IPSET_ATTR_ADT_MAX, nla, set->type->adt_policy, NULL))