Message ID | 20161213193015.GA10610@avx2 |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
From: Alexey Dobriyan <adobriyan@gmail.com>
Date: Tue, 13 Dec 2016 22:30:15 +0300

> Commit 4f7df337fe79bba1e4c2d525525d63b5ba186bbd
> "netlink: 2-clause nla_ok()" is BROKEN.
>
> First clause tests if "->nla_len" could even be accessed at all,
> it can not possibly be omitted.
>
> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>

Applied, thanks.
--- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -698,7 +698,8 @@ static inline int nla_len(const struct nlattr *nla) */ static inline int nla_ok(const struct nlattr *nla, int remaining) { - return nla->nla_len >= sizeof(*nla) && + return remaining >= (int) sizeof(*nla) && + nla->nla_len >= sizeof(*nla) && nla->nla_len <= remaining; }
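Review bot: the `(int)` cast on `sizeof(*nla)` in the added first clause of `nla_ok()` is load-bearing but undocumented. Without it, `remaining` (an `int`) would be converted to the unsigned type of `sizeof` for the comparison, so a negative `remaining` would pass the test and the next clause would still read `nla->nla_len`. Given that this clause was already dropped once as redundant, a one-line comment above the `return` would help: say that the `remaining >= (int) sizeof(*nla)` test must come first because it guards the dereference in the two clauses that follow, and that the comparison is deliberately signed.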
Commit 4f7df337fe79bba1e4c2d525525d63b5ba186bbd
"netlink: 2-clause nla_ok()" is BROKEN.

First clause tests if "->nla_len" could even be accessed at all,
it can not possibly be omitted.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>

---
 include/net/netlink.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)