Re: Audit control kernel patch

From: Stephen Smalley (sds@private)
Date: Fri Dec 03 2004 - 05:12:36 PST


<snip>
+int netlink_get_msgtype(struct sk_buff *skb)
+{
+	struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data;
+
+	if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
+		return -EINVAL;
+	return nlh->nlmsg_type;
+}
+
</snip>

In the earlier version of this patch, you also checked for skb->len <
NLMSG_SPACE(0) before dereferencing skb->data at all.  Was that
unnecessary or did you accidentally drop it?

-- 
Stephen Smalley <sds@private>
National Security Agency



This archive was generated by hypermail 2.1.3 : Fri Dec 03 2004 - 05:17:59 PST