Re: Audit control kernel patch

From: Serge Hallyn (serue@private)
Date: Fri Dec 03 2004 - 07:00:01 PST


Oh.  I did very purposely take that out, but actually I think it is
needed for safety.  New patch attached.

Shouldn't that be checked earlier on in netlink_sendmsg, though?  Or
aren't all netlink messages going to contain a struct nlmsghdr?

thanks,
-serge

On Fri, 2004-12-03 at 08:12 -0500, Stephen Smalley wrote:
> <snip>
> +int netlink_get_msgtype(struct sk_buff *skb)
> +{
> +	struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data;
> +
> +	if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
> +		return -EINVAL;
> +	return nlh->nlmsg_type;
> +}
> +
> </snip>
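
Review bot: in netlink_get_msgtype(), nlh->nlmsg_len is read through skb->data before anything confirms that skb->len covers a full struct nlmsghdr, so on a short skb the first comparison already reads past the received data. Test the skb length against the header size first (the earlier version's skb->len < NLMSG_SPACE(0) check, or skb->len < sizeof(*nlh)) and return -EINVAL before touching nlh. A short comment above the function stating that it returns either the message type or a negative errno would also help callers.
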
> 
> In the earlier version of this patch, you also checked for skb->len <
> NLMSG_SPACE(0) before dereferencing skb->data at all.  Was that
> unnecessary or did you accidentally drop it?
> 
-- 
Serge Hallyn <serue@private>


