Hi,
NLMSG_OK in 2.4.0-test7 has three problems:
(1) nlmsg_len is read before it is checked that the message is long
enough
(2) sizes are compared with unaligned size of struct nlmsghdr
(3) compiler warnings (comparison between signed and unsigned) if the
len parameter is signed
I'm not sure if (2) is really a problem. Messages without full padding
at the end can be useful (and are accepted by rtnetlink_rcv_skb(), for
instance), even though this has odd effects like nlmsg_len being
smaller than NLMSG_LENGTH(0) or NLMSG_NEXT decrementing its 'len'
parameter below 0 (which requires that len must be signed, NLMSG_NEXT
won't work correctly otherwise). The patch is incorrect if such
messages are valid. In this case you may only want to change the len >
0 check in NLMSG_OK to len >= sizeof(struct nlmsghdr).
--
Jan
patch-2.4.0-test7-nlmsgok2
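As an added example, not part of Jan's message or of the attached patch, the following C program models the three points the message raises. The exact text of the 2.4.0-test7 NLMSG_OK macro is not on this page, so the "unsafe" form below is a reconstruction of the behaviour described (only len > 0 guards the read of nlmsg_len), written as a function so the premature read can be counted; struct nlmsghdr, NLMSG_ALIGN and NLMSG_LENGTH are restated locally so it builds outside the kernel tree, and the sample buffer is constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as struct nlmsghdr in <linux/netlink.h> (16 bytes). */
struct nlmsghdr {
    uint32_t nlmsg_len;    /* length of the message including this header */
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};

#define NLMSG_ALIGNTO 4
#define NLMSG_ALIGN(len)  (((len) + NLMSG_ALIGNTO - 1) & ~(NLMSG_ALIGNTO - 1))
#define NLMSG_LENGTH(len) ((len) + NLMSG_ALIGN(sizeof(struct nlmsghdr)))

/* Counts reads of nlmsg_len made while fewer than sizeof(struct nlmsghdr)
 * bytes remain; in the kernel such a read runs past the end of the data. */
static int short_reads;

static uint32_t read_nlmsg_len(const struct nlmsghdr *nlh, int avail)
{
    if (avail < (int)sizeof(struct nlmsghdr))
        short_reads++;
    return nlh->nlmsg_len;
}

/* Problem (1), reconstructed: len > 0 is the only guard before the header is
 * read, so a 1..15 byte tail is dereferenced as if it held a full header. */
static int nlmsg_ok_unsafe(const struct nlmsghdr *nlh, int len)
{
    uint32_t mlen;
    if (len <= 0)
        return 0;
    mlen = read_nlmsg_len(nlh, len);
    return mlen >= sizeof(struct nlmsghdr) && mlen <= (unsigned int)len;
}

/* The check order suggested in the message: require a whole header before
 * touching it. The (int) cast is what avoids warning (3) for a signed len. */
static int nlmsg_ok_checked(const struct nlmsghdr *nlh, int len)
{
    uint32_t mlen;
    if (len < (int)sizeof(struct nlmsghdr))
        return 0;
    mlen = read_nlmsg_len(nlh, len);
    return mlen >= sizeof(struct nlmsghdr) && mlen <= (unsigned int)len;
}

struct walk_result { int msgs; int short_reads; };

/* Receive loop in the style of NLMSG_OK/NLMSG_NEXT; len is signed so that the
 * step past an unpadded final message drives it negative instead of wrapping. */
static struct walk_result walk(const unsigned char *buf, int len,
                               int (*ok)(const struct nlmsghdr *, int))
{
    const struct nlmsghdr *nlh = (const struct nlmsghdr *)buf;
    struct walk_result r = { 0, 0 };
    short_reads = 0;
    while (ok(nlh, len)) {
        int step = (int)NLMSG_ALIGN(nlh->nlmsg_len);   /* NLMSG_NEXT */
        r.msgs++;
        len -= step;
        nlh = (const struct nlmsghdr *)((const unsigned char *)nlh + step);
    }
    r.short_reads = short_reads;
    return r;
}

/* Problem (2)/(3): an unpadded 19-byte message ending a 19-byte buffer makes
 * NLMSG_NEXT subtract 20; a signed len goes to -1, an unsigned one wraps. */
static int next_len_signed(int len, uint32_t nlmsg_len)
{
    return len - (int)NLMSG_ALIGN(nlmsg_len);
}
static unsigned int next_len_unsigned(unsigned int len, uint32_t nlmsg_len)
{
    return len - NLMSG_ALIGN(nlmsg_len);
}

#define SAMPLE_LEN 44   /* 20 (19 padded) + 16 + 8 bytes of trailing junk */

/* Constructed sample: one 19-byte message (3 payload bytes), one header-only
 * message, then 8 junk bytes that are too short to be a header. */
static int build_sample(unsigned char *out)   /* out holds >= SAMPLE_LEN */
{
    struct nlmsghdr h;
    memset(out, 0xee, SAMPLE_LEN);
    memset(&h, 0, sizeof h);
    h.nlmsg_len = NLMSG_LENGTH(3);    /* 19 */
    h.nlmsg_type = 1;
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, "abc", 3);
    h.nlmsg_len = sizeof h;           /* 16 */
    h.nlmsg_type = 2;
    memcpy(out + NLMSG_ALIGN(NLMSG_LENGTH(3)), &h, sizeof h);
    return SAMPLE_LEN;
}

static struct walk_result walk_sample(int len,
                                      int (*ok)(const struct nlmsghdr *, int))
{
    unsigned char buf[64];
    build_sample(buf);
    return walk(buf, len, ok);
}

int main(void)
{
    struct walk_result u = walk_sample(SAMPLE_LEN, nlmsg_ok_unsafe);
    struct walk_result c = walk_sample(SAMPLE_LEN, nlmsg_ok_checked);
    printf("unsafe:  %d msgs, %d short header read(s)\n", u.msgs, u.short_reads);
    printf("checked: %d msgs, %d short header read(s)\n", c.msgs, c.short_reads);
    printf("unpadded tail: signed len -> %d, unsigned len -> %u\n",
           next_len_signed(19, 19), next_len_unsigned(19, 19));
    return 0;
}
```

Both forms accept the same two messages, but the unsafe one reads a header out of the 8 junk bytes before rejecting them, which is exactly the read-before-check the message describes. The second pair of numbers shows why the message insists that len be signed when unpadded trailing messages are allowed.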