On Thu, Oct 23, 2014 at 10:36:07AM +0200, Florian Westphal wrote:
> don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work.
> The nla length includes the size of the nla struct, so anything larger
> results in u16 integer overflow.
>
> This patch is similar to
> 9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage).

Indeed, if we find a problem in nfqueue, we should also keep in mind that we
should revisit nflog too. Those two codebases are very similar (I suspect
one forked from another at some point, with ad-hoc modifications to each
case).

Applied, thanks a lot for taking the time to look into this.
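The u16 wrap described in the quoted commit message, shown as an added example that is not part of the original mail or of the kernel patch. `struct nlattr_hdr`, `NLA_HDRLEN_X` and the helper names are local stand-ins, assuming the 4-byte attribute header (u16 length plus u16 type) used by netlink.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Local stand-in for the kernel's struct nlattr: nla_len counts header + payload. */
struct nlattr_hdr {
    uint16_t nla_len;
    uint16_t nla_type;
};

#define NLA_HDRLEN_X    (sizeof(struct nlattr_hdr))        /* 4 bytes */
#define NLA_MAX_PAYLOAD ((size_t)0xffff - NLA_HDRLEN_X)    /* 65531 bytes */

/* Length field as it ends up on the wire when the payload size is not bounded. */
static uint16_t nla_len_unchecked(size_t payload_len)
{
    return (uint16_t)(NLA_HDRLEN_X + payload_len);  /* wraps past 0xffff */
}

/* Payload size a receiver derives from nla_len; 0 if the header itself does not fit. */
static size_t parsed_payload_len(uint16_t nla_len)
{
    return nla_len < NLA_HDRLEN_X ? 0 : (size_t)nla_len - NLA_HDRLEN_X;
}

/* Hypothetical clamp: never hand more than 0xffff - header to the attribute. */
static size_t clamp_payload(size_t payload_len)
{
    return payload_len > NLA_MAX_PAYLOAD ? NLA_MAX_PAYLOAD : payload_len;
}

int main(void)
{
    /* Constructed sample sizes around the boundary. */
    size_t sizes[] = { 1500, 0xfffb, 0xfffc, 0xffff, 70000 };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        uint16_t raw = nla_len_unchecked(sizes[i]);
        size_t safe = clamp_payload(sizes[i]);
        printf("payload=%zu unchecked nla_len=%u (receiver sees %zu) "
               "clamped=%zu nla_len=%u\n",
               sizes[i], (unsigned)raw, parsed_payload_len(raw),
               safe, (unsigned)nla_len_unchecked(safe));
    }
    return 0;
}
```
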