Re: [PATCH nf-next] netfilter: ct: check return code from nla_parse_tested

On 06/20/2013 11:45 AM, Pablo Neira Ayuso wrote:
> On Wed, Jun 12, 2013 at 05:54:51PM +0200, Daniel Borkmann wrote:
>> These are the only calls under net/ that do not check nla_parse_nested()
>> for its error code, but simply continue execution. If parsing of netlink
>> attributes fails, we should return with an error instead of continuing.
>> In nearly all of these calls we have a policy attached, that is being
>> type verified during nla_parse_nested(), which we would miss checking
>> for otherwise.
>
> Applied, thanks Daniel.
>
> I'm going to run some tests, this may uncover wrong policies as they
> were not enforced.

Ok, sounds good, thanks Pablo!
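The failure mode discussed in this thread, as an added userspace example that is not kernel code and not part of the original messages: a parser that enforces a per-attribute length policy, and a caller that either drops or honours its return value. The names `parse_nested`, `get_port`, `A_PORT`, `A_ADDR` and the constructed sample message are assumptions made for illustration, as is the model's behaviour of filling the table up to the first failing attribute.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Userspace model only: names, types and layout are assumptions. */
struct attr { uint16_t len, type; };   /* len covers header + payload */
#define HDR sizeof(struct attr)
enum { A_PORT = 1, A_ADDR = 2, A_MAX = A_ADDR };
static const size_t policy_len[A_MAX + 1] = { [A_PORT] = 2, [A_ADDR] = 4 };

/* Fills tb[] as it goes and stops at the first attribute that fails policy. */
static int parse_nested(const uint8_t *tb[], const uint8_t *buf, size_t rem)
{
    memset(tb, 0, sizeof(tb[0]) * (A_MAX + 1));
    while (rem >= HDR) {
        struct attr a;
        memcpy(&a, buf, HDR);
        if (a.len < HDR || a.len > rem) return -EINVAL;  /* truncated or overlong */
        if (a.type > 0 && a.type <= A_MAX) {
            if (a.len - HDR < policy_len[a.type]) return -ERANGE;  /* too short */
            tb[a.type] = buf + HDR;
        }
        size_t step = (a.len + 3u) & ~(size_t)3;  /* 4-byte alignment */
        if (step > rem) step = rem;
        buf += step;
        rem -= step;
    }
    return 0;
}

/* checked = 0 models a caller that ignores the error, checked = 1 one that returns it. */
static int get_port(const void *buf, size_t len, int checked, uint16_t *port)
{
    const uint8_t *tb[A_MAX + 1];
    int err = parse_nested(tb, buf, len);
    if (checked && err < 0) return err;
    if (!tb[A_PORT]) return -EINVAL;
    memcpy(port, tb[A_PORT], sizeof(*port));
    return 0;
}

/* Constructed sample: valid A_PORT (8080), then A_ADDR with a 1-byte payload. */
static const uint16_t sample[] = { 6, A_PORT, 8080, 0,  5, A_ADDR, 0x7f, 0 };

int main(void)
{
    uint16_t port = 0;
    printf("unchecked: %d\n", get_port(sample, sizeof(sample), 0, &port));
    printf("checked:   %d\n", get_port(sample, sizeof(sample), 1, &port));
}
```

The unchecked caller accepts a message whose second attribute violates the policy, which is why enforcing the return code can surface policies that were wrong but never applied.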



