| To: | davem@xxxxxxxxxx (David S. Miller) |
|---|---|
| Subject: | Re: old NLMSG_OK fix |
| From: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
| Date: | Mon, 28 Jun 2004 19:43:37 +1000 |
| Cc: | hch@xxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20040627205133.11d37f0c.davem@redhat.com> |
| Organization: | Core |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.26-1-686-smp (i686)) |
David S. Miller <davem@xxxxxxxxxx> wrote:
> On Sun, 27 Jun 2004 19:15:52 +0200
> Christoph Hellwig <hch@xxxxxx> wrote:
>
>> http://oss.sgi.com/projects/netdev/archive/2000-09/msg00001.html
>
> It works because there is always 16 bytes of scratch at the end of an
> SKB more than was allocated for the actual data. So blindly deref'ing
> the nlmsg_len value is fine here.

Yes but this is also used by user-space applications where this scratch
space may not exist. NETLINK messages can travel from one application
to another so exploits are possible.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
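An added example, not part of the original message or of the kernel source: a user-space walker over a received netlink buffer that confirms a full header is present before it reads nlmsg_len, so it never depends on scratch space past the end of the buffer. The names nl_hdr, NL_ALIGN4 and nl_count_messages are hypothetical; the struct mirrors the 16-byte struct nlmsghdr layout so the block builds without kernel headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local stand-in for struct nlmsghdr (assumption: same 16-byte layout). */
struct nl_hdr {
    uint32_t nlmsg_len;    /* total message length, header included */
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};

/* Netlink messages are padded to 4-byte boundaries. */
#define NL_ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)

/* Count the well-formed messages in buf[0..len).
 * Returns the count, or -1 on a truncated or inconsistent header. */
int nl_count_messages(const unsigned char *buf, size_t len)
{
    int count = 0;
    size_t off = 0;

    while (off < len) {
        struct nl_hdr h;
        size_t remaining = len - off;
        size_t step;

        /* First check: a whole header must fit in what is left.
         * Without it, reading nlmsg_len touches bytes past the buffer. */
        if (remaining < sizeof h)
            return -1;
        memcpy(&h, buf + off, sizeof h);   /* copy out: no alignment assumption */

        /* Only now is nlmsg_len trustworthy enough to compare. */
        if (h.nlmsg_len < sizeof h || h.nlmsg_len > remaining)
            return -1;

        count++;
        /* The final message may arrive without its trailing padding. */
        step = NL_ALIGN4(h.nlmsg_len);
        off += step < remaining ? step : remaining;
    }
    return count;
}
```

A receiver that gets -1 should drop the whole datagram rather than process the messages counted before the bad header.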