On 4/8/17 2:24 PM, Johannes Berg wrote:
> @@ -2300,14 +2332,35 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err)
> NLMSG_ERROR, payload, 0);
> errmsg = nlmsg_data(rep);
> errmsg->error = err;
> - memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) ? nlh->nlmsg_len : sizeof(*nlh));
> + memcpy(&errmsg->msg, nlh,
> + !(nlk->flags & NETLINK_F_CAP_ACK) ? nlh->nlmsg_len
> + : sizeof(*nlh));
> +
generically this makes userspace parsing more problematic: the parsing layer may not know if the socket option has been set to precisely know the size of errmsg->msg and how much data needs to be skipped to get to the new attributes.
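Review bot: The new copy length in the added memcpy no longer tracks the buffer that was allocated for it: the removed line copied `nlh->nlmsg_len` bytes only when `payload > sizeof(*errmsg)`, i.e. only when the original request had actually been accounted for in `payload`, whereas the new condition keys the copy on `NETLINK_F_CAP_ACK` alone. If `payload` is still enlarged only for error replies (the removed condition suggests it is conditional, but that computation is outside the quoted hunk), a positive ACK (`err == 0`) on a socket without CAP_ACK set would copy `nlh->nlmsg_len` bytes into a reply sized for `sizeof(*errmsg)`, a kernel heap overflow reachable by any netlink user. Keep the copy length tied to the allocation, e.g. `memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) ? nlh->nlmsg_len : sizeof(*nlh));`, or derive both the payload size and the copy length from one shared predicate so they cannot diverge. The rest of netlink_ack, including the nlmsg_new() allocation, lies outside the quoted hunk.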