tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
[NETFILTER]: cleanup nfnetlink_check_attributes()
1) memset return parameter 'cda' (nfattr pointer array) only on success
2) a message without attributes and just a 'struct nfgenmsg' is valid,
don't return -EINVAL
3) use likely() and unlikely() where apropriate
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by
Harald Welte
and committed by
David S. Miller
a42827b7
927ccbcc
+10
-9
+10
-9
net/netfilter/nfnetlink.c
+10
-9
net/netfilter/nfnetlink.c
···
163
163
cb_id, subsys->cb_count);
164
164
return -EINVAL;
165
165
}
166
-
167
-
attr_count = subsys->cb[cb_id].attr_count;
168
166
167
+
min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg));
168
+
if (unlikely(nlh->nlmsg_len < min_len))
169
+
return -EINVAL;
170
+
171
+
attr_count = subsys->cb[cb_id].attr_count;
169
172
memset(cda, 0, sizeof(struct nfattr *) * attr_count);
170
173
171
174
/* check attribute lengths. */
172
-
min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg));
173
-
if (nlh->nlmsg_len < min_len)
174
-
return -EINVAL;
175
-
176
-
if (nlh->nlmsg_len > min_len) {
175
+
if (likely(nlh->nlmsg_len > min_len)) {
177
176
struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));
178
177
int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
179
178
···
185
186
}
186
187
attr = NFA_NEXT(attr, attrlen);
187
188
}
188
-
} else
189
-
return -EINVAL;
189
+
}
190
+
191
+
/* implicit: if nlmsg_len == min_len, we return 0, and an empty
192
+
* (zeroed) cda[] array. The message is valid, but empty. */
190
193
191
194
return 0;
192
195
}